Passwords are old school. Biometrics is the new-age security solution that is being implemented rapidly across organizations and devices. Almost all the latest smartphone models come with a built-in fingerprint sensor these days. Biometric data is considered to be the most secure form of authentication as it belongs to an individual and can’t be changed. The very advantage of biometrics can soon turn into a security nightmare.
An investigation conducted by Kaspersky Labs has unearthed increasing availability of biometrics skimming devices on the darknet. These devices, capable of skimming victim’s fingerprints can be easily bought from at least twelve sellers against Bitcoin payments. In a statement, a security expert from Kaspersky Labs Olga Kochetova says,
“The problem with biometrics is that, unlike passwords or PIN codes which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image. Thus if your data is compromised once, it won’t be safe to use that authentication method again.”
According to Olga, the easiest way for someone to gain access to biometric data is by accessing modern passports and visas. These documents have biometric data of the holder embedded in them and anyone with access to these documents can easily steal the information. While most of the biometric data skimming devices available on the darknet are for stealing fingerprints, especially from ATMs, there are few who are allegedly working on devices that can illegally capture data associated with palm vein and iris as well.
Another recent survey conducted by Deloitte shows that over 20% of smartphone users in the United Kingdom have switched to fingerprint authentication on their phones. The shift is said to be driven by privacy concerns as some believe that passwords and PINs can be compromised easily. But the latest trend on the darknet may soon end up neutralizing the advantage of fingerprint authentication over passwords and PINs.
The only way to safeguard one’s biometric data is to check for skimmers at ATMs and other public places that require biometric authentication before using them. Also, by keeping the passports and visas safe.
Ref: FSTech |Info-Security Magazine | Deloitte |Image: Myce
