Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

Before the ink is dry: Correcting biometric spoofing myths
Before the ink is dry: Correcting biometric spoofing myths

Published : , on

By Eric Setterberg, System design Engineer at Fingerprints

Biometric authentication is highly robust, and the latest solutions offer considerably greater security than their authentication predecessors: PINs and passwords.

But as biometrics moves into new areas such as payments and access control, privacy and security concerns are rising. Biometrics has long been subject to scrutiny, with many elaborate examples of people working to trick biometric sensors to crack devices in the media and online.

To ensure the continued adoption of biometrics, it is important to shine a light on the reality of biometric spoofing.

The evolution of biometric solutions…

The first use of fingerprints as forensic evidence was in an Argentinean court case in the late 1800s. With the technology still in its infancy, this was done manually and by eye, comparing latent residual prints lifted from crime scenes to charts of inked fingerprints obtained from the suspects at arrest.

A few decades later, the FBI began collecting fingerprints of criminals and civilians. They also introduced the automated comparison of fingerprints by computers in the 1970s. These “traditional representations” have now been standardized by ISO and ANSI.

… and their spoofs

The earliest and simplest of these matching devices were easy to spoof. Really, all you needed was a photocopy or a good image of a fingerprint to make a successful spoof.

But as biometrics moved to more advanced technology, the game for biometric ‘spoofers’ has changed and the task of crafting fake fingerprints is considerably more difficult.

The biggest boost for biometric security, however, came with its introduction into mobile phones.

How mobile changed the game

Before the widespread integration of fingerprint sensors in smartphones, the technology underwent significant evolution. No operator wanted to use large biometric sensors in modern phone designs. Sensors had to become much smaller to reach the perfect price and design point for the mobile world, but this meant needing to capture data from a smaller surface area of the finger.

To maintain the security of these smaller sensors, algorithms evolved significantly in order to utilize a greater amount of data per unit area. These mobile-driven hardware and software changes resulted in the optimized image capture of modern touch sensors.

As a result, tricking these systems now requires a considerably higher level of detail to be reproduced correctly for a match to be successful, far beyond rudimentary gummi bear spoofs and photocopies

Setting the perfect spoofing scenario

Compromising fingerprint authentication via spoofing can still be done, even with all the technological advancements. However, it now requires considerable care, skill, money, and time. And to start, a good latent print…

To retrieve a latent print that’s high quality enough to work, you either need a willing volunteer to lend you their finger, or the commitment to stalk a victim until a viable fingerprint can be retrieved. Even with a decent latent print, modern spoofs then require advanced photoshop skills and/or a lab to successfully convert latent prints into effective moulds.

So – what about those articles boasting how easily they have hacked the latest smartphone device’s fingerprint sensor?

In fact, there are only two instances of fingerprint spoofing seen in the media nowadays: proof of concept and cooperative spoofs. Lay enthusiasts and media go through the effort of setting up a lab to create spoofs with latent fingerprints either from themselves or cooperative volunteers. Even the most successful of these take months of work, a highly skilled team, and the perfect scenario of circumstances.

Put simply, the effort required for spoofing modern fingerprint sensors cannot be applied at any scale. Each biometric spoof needs to go through the same laborious process and clinical conditions. So, if you can bring together a willing group of spoofing enthusiasts, tricking a biometric device could earn you fifteen minutes of fame on the internet, but it is likely to be conducive to a successful criminal business plan…

A “How” Without a “Why”

Spoofing biometrics remains technically possible, and there will always be those up to the challenge of trying to hack the latest technology. But the reality is that modern biometric solutions require more time, skill, and frankly, luck, to successfully spoof than ever before. Not to mention that tireless R&D work is continuously strengthening spoofing resistance. And, as use cases start to combine multiple biometric authenticators, such as combining fingerprints with face or iris to perform an authentication, spoofing will only become more complex.

By comparison, hacking PINs and passwords is considerably simpler and more scalable, making it far more lucrative. And, criminals generally take the path of least resistance.

For the average consumer, greater use of biometric authentication is not only a means of simplifying authentication, but dramatically improving the security of their devices, applications, and personal data. With PINs and passwords still the most common authentication method outside of mobile, it is imperative that the true security and advanced nature of modern biometric authentication solutions are understood.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post