The rise of biometric authentication.

The rise of biometric authentication.
Biometric fingerprint readers, facial recognition systems, retina scanners, etc. they have already proven themselves in sci-fi movies and have proven themselves in consumer device authentication. and in fact they have broken into customs. This has led many companies to explore biometric authentication as a way to protect sensitive data and ensure that the right person has access to the right device at the right time. However, while some information security experts believe that biometric technology is the future of digital security, others express growing privacy concerns. But before we weigh the risks and benefits, here is a brief overview.

Understanding biometric authentication

To function for identification and access control purposes, biometric markers must be totally unique to an individual, registrable, and permanent. Examples of biometric data include a person's unique facial structure, the small edges of a fingerprint, the uniquely patterned iris that surrounds a pupil in the eye, the unique sound waves of a person's voice (or "fingerprint"). of voice"), the geometry of a hand, or the way a person interacts with a computer system (typing rate or mouse usage, for example). These "unique human identities" are collected, stored, and mapped in a database, giving users a secure way to connect to a multitude of devices or systems without having to use (and remember) multiple passwords. . And it's not just forward-thinking technology. A recent CyberArk survey of UK office workers revealed that many companies are beginning to incorporate new, cutting-edge security technologies into their strategies. Approximately one in five (19%) report that their IT security team is experimenting with biometric security techniques. Includes fingerprint and retina scanning and embedded chips.

Image Credit: Shutterstock Image Credit: Shutterstock (Image: © Shutterstock)

The cybersecurity puzzle.

This technology is great and efficient, but businesses cannot ignore the myriad of security and privacy issues associated with implementing biometric authentication. First, there is a significant difference between a hacker getting your fingerprints instead of a password. You can't change your DNA after all! This leaves your devices vulnerable and exposed. Additionally, the permanence of biometric authentication could easily lead some individuals and organizations to feel overconfident in the technology and less focused on cybersecurity best practices, such as multi-factor authentication (MFA), required. to deeply secure employee devices. Sophisticated hackers will already try to use biometric technology for digital and physical authentication. According to the information on the motherboard, some hackers have cracked the authentication technology of the hacking vein by making fake wax hands. Although this is an extreme and unusual example, it just goes to show that hackers are ready to go further and that businesses need to stay ahead to fight all kinds of threats.

Image credit: Pixabay. (Image: © Image Credit: TheDigitalArtist / Pixabay)

How can these hacks take shape?

Here are some ways that attackers target unique human identities to collect huge amounts of biometric data to model and use in harmful ways: Genetic consumption services. If you've already taken a DNA test at home, your unique genetic information is now in the hands of an organization you probably only have limited knowledge of. Last June, the MyHeritage genealogy testing service revealed that 92 million accounts were found on a private server. Personal DNA has not been compromised in this case, but shows the possibility of considerable damage in the event of a successful breach. Embedded Human Microchips According to the bioacking company Dangerous Things, between 50,000 and 100,000 people today possess an embedded microchip, which allows them to open their office door, enter the gym, eat lunch and eat. To simplify your movements. However, several security researchers have shown ways to hack these chip implants: infecting a flea with a virus using an SQL injection attack to perform a URL attack on a browser vulnerability in an NFC chip. Biometric stores within organizations. As adoption of biometric authentication grows, vast amounts of highly sensitive data is collected, stored on-premises and in the cloud, processed, and accessed with minimal protection or monitoring. . Cyber ​​attackers are increasingly targeting data warehouses in organizations, knowing that many of them have not implemented the necessary technical and organizational measures to protect sensitive data. Although biometric science is no longer part of science fiction, we believe that much remains to be done to be implemented on a large scale in large companies. We need to stay ahead of hackers and anticipate their ability to hack into biometric technology at any time. This will require strong cyber security measures, such as the MFA. There is more at stake here than financial damage and reputational damage to companies: it is about protecting our unique human identities. It is time to become aware of the potential risks of biometric technologies and to take the necessary measures to combat them. David Higgins, EMEA Technical Director at CyberArk

You might also be interested ...