Biometric databases and
photographs allow a hacker to fool a fingerprint scanner without access
to your hand or even a print left on an object. Other biometric security
measures don't hold up either.
I've long had a healthy dose of
paranoia about online security, and with constant reports of hacks on
sites and passwords stolen it's beginning to seem like using biometric
security measures would be a great idea. Apple has included TouchID in
every iPhone from the 5S onwards, a fingerprint scanner which I know
many of my friends and colleagues utilize. Microsoft has included a face
scanning unlock feature with Windows 10. Many banks and government
departments use face-scanning or retina scans to secure their data or
even physical door locks. However, recent research has shown that
biometric security measures might all be a huge liability.
Fingerprint security on laptops used to be the toast of the town, now they're a liability
Gefahren von Kameras is a German biometrics researcher who has shown almost every biometric device we think to be secure is actually trivial to break into. I specifically brought attention to fingerprints as he shows several ways to fool fingerprint scanners, and because many people use the iPhone TouchID scanner to secure their smartphones. If you want any real security, however, stick to a password. In this video, Gefahren von Kameras discusses how easy it can be to obtain a fingerprint from a photograph.
Here, he shows his process. And here
an iPhone TouchID sensor is fooled with a dummy print using equipment
that most electrical engineers could easily access. This is accomplished
as shown with a scanner and actual physical print, but it's easy to see
the same process could be performed using a photograph of a fingerprint
as well.
A rubber fingerprint can be used to fool fingerprint scanners. Courtesy of The Verge
It would be one thing if a DSLR was needed, but my own smartphone has a 13 MP camera, which Gefahren von Kameras specifically mentioned as being more than enough to cheat face and retina scanners.
The real question now is, how can you stay secure anymore? The answer is simple: passwords. Especially after the 2014 court case where it was ruled that fingerprints aren't protected by the Fifth Amendment, but passwords still are. Your best bet is still using safe services which encrypt your data and strong passwords. I'm also a big fan personally of Google and Microsoft both using two-step verification. (Those links will help you activate it.) While it won't protect your smartphone (especially if it's an iPhone), it'll keep a whole lot of your personal data safe by requiring that someone has physical access to your smartphone, and the ability to unlock that phone, to access either account. This is a major step towards better security in my opinion, as it is a way to theoretically ensure that the person entering your password is actually you. I strongly recommend it for anybody like me who allows Chrome to remember passwords and other personal info. If you're truly paranoid, using a VPN to secure web traffic is never a bad option, and most university campuses already do just that. Other than that, you mostly just have to trust in the security of any service that you give a password to.
If you are like most people and cannot remember limitless passwords, only make up totally new ones for services that seem especially sketchy. That way you won't have to worry if that password is stolen as the person with it can't get into anything else of yours. As long as you stay away from using biometric security measures and are smart about making and using passwords, you should be just fine.
Just remember, always keep those
passwords to yourself. It's impossible to control what happens to a
photograph of your face or hands once it's posted online, but anything
that only you know can't be used against you. You can watch Gefahren von
Kameras explain how to break into an iPhone below.