This week, we'd like to share a few articles that caught our eye by proving that it's time to move on from first generation biometrics to something more secure.
Why your smartphone's fingerprint scanner isn't as secure as you might think
Researchers from New York University and Michigan State University have developed "master fingerprints", based on the fact that most devices use a partial scanning, there would be enough similarities between prints for a master print to fool scanners 65 per cent of the time.
Read the full article at www.telegraph.co.uk
Samsung Galaxy S8's facial recognition can be tricked with a photo
Samsung's latest handset, promoted with the marketing slogan "Security that's foolproof" has already had its claims discredited before it's even officially launched. A video of a user testing the device has gone viral and shows how the facial recognition software can be fooled simply by presenting a photograph of the owner to the camera.
Read the full article at www.cnbc.com
When fingerprints are as easy to steal as passwords
When any authentication information is stored it is vulnerable to theft, whether it's a simple password or fingerprint data. In 2014, personal data including 5.6 million fingerprints was stolen in a major data breach for the Office of Personnel Management, and it could just be a matter of time until this comes at a cost for the victims as researchers have been able to successfully print 3D fingerprints that fool readers. Unlike with your generic password or pincode, you can't reset your biometric data.
Read the full article at www.theatlantic.com
B-Secur utilises a person’s unique heartbeat electrical wave that is filtered, amplified and processed by an algorithm to allow authentication of a person against a stored profile. An electrocardiogram (ECG) is an inherently 'live' signal providing the ultimate presence detection to authentication, i.e. you need the person present to authenticate them.
Each individual’s ECG produces an electric waveform different to another (inter-variability), like a fingerprint, but more than that, each heartbeat also forms a different signal (intra-variability). The ability to capture those uniquely means that we can form a particular pattern. If we see an exact match of this pattern, which wouldn’t be the normal occurrence, then we know there is likely a spoofing attempt underway, so imitation will be detected. So even if you were able to develop the technology to harvest this data, which is obviously much harder to do based on the fact that the biometrics are internal and not publically accessible, then it would not be possible to imitate. This is another benefit of using a “live” signal as part of a dynamic biometric modality, versus static first generation biometric modalities.