Following the news that a professor at the Digital Content and Media Sciences Research Division of the National Institute of Informatics has demonstrated how fingerprints can be stolen from a photo. Robert Capps, VP of Business Development at NuData Security commented below.
Robert Capps, VP of Business Development at NuData Security:
“While physical biometrics will always have a place when it comes to in-person user authentication, there are significant drawbacks to consider when the biometric identity verification is extended online.People shed physical biometric data wherever they go, leaving fingerprints on everything touched, posting selfies on social media, and videos with friends and family. Much of this information can be captured by fraudsters. Fingerprints can be stolen from doorknobs and glass and easily replicated. High-resolution photos, as Isao Echizen demonstrates in this zoom-and-enhance technique, can take a picture from great distances that can be used to copy a physical biometric. This technique was also brought to wide-scale attention by Jan “Starbug” Krissler when he used Angela Merkel’s photo to unlock an iris biometric test at a security conference in 2015.”
Robert explains, “Consumers bear additional risk in using physical biometrics online, as they become static identifiers that can never be changed, and in their digital form, can be stolen, traded, and potentially reused to impersonate the legitimate user. Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a user’s accounts and identity will persist for that person’s lifetime. As the most stringent of authentication verifications deploy physical biometrics, such as immigration and banking, physical biometric data will become very desirable to hackers. We can expect more creative attempts by hackers to capture this information. The benefit of passive behavioral biometrics is that the information used to uniquely identify a user is passively collected and dynamically analyzed, and has an extremely limited shelf life of usefulness – making theft and successful reuse of raw behavioral signals nearly impossible.”