Stolen fingerprints, fake hands, voice synthesis, and other nefarious techniques show biometrics has plenty of challenges.
With the rise of credential stuffing and account takeovers keeping security professionals up at night, many pundits believe that biometric authentication is the answer.
But as any security veteran will tell you, there’s never a simple solution. While biometrics do offer a stronger form of authentication than usernames and passwords, they come with their own risks. Several recent breaches and hacks by researchers exemplify the cracks that can show at the seams of any security model that relies too heavily on biometrics.
Biostar2 Compromise Exposes 1M Fingerprints
The permanence of physical biometric information can actually be a detriment to its use as an authenticator if attackers are able to compromise that data. Case in point is a breach that occurred several weeks ago, when security researchers found that an unprotected and unencrypted database of biometric identifiers run by the Biostar2 platform was putting millions of people’s information at risk. The database held 23GB of data, including facial recognition information, unencrypted usernames and passwords, and the fingerprints of 1 million people.
OPM Breach Compromised 5.6M Fingerprints
One of the many shocking details of the devastating breach against the Office of Personnel Management (OPM) in 2015 was how attackers were able to make off with the fingerprints of 5.6 million federal workers. The prints belonged to some of the most sensitive government workers, those seeking security clearance, making the repository quite valuable to the right adversary.
Samsung Galaxy S10 Fingerprint Scanner Hack
The trouble with the theft of fingerprints from repositories like Biostar2 and OPM is that attackers can fairly easily replicate them using everything from wax impressions to 3D prints modeled from stolen print info. The latter was demonstrated in April to work against Samsung’s latest generation of fingerprint scanners on its Galaxy phones.