UPDATED 10:00 EST / DECEMBER 25 2015

NEWS

Are biometric security measures really better than a password?

There are many ways for people to secure their smartphones so no one can access the data in it. Depending on what device you are using, you have the choice of using a simple passcode, an elaborate password, pattern unlock, face unlock and even a fingerprint scan. The problem is that all of these methods can be circumvented, even those that use biometric scanning.

How to dupe biometric security

Face Unlock

When Google introduced the Android 4.0 a.k.a Ice Cream Sandwich back in 2011, one of the features that stood out was Face Unlock, which allows users to unlock their devices using facial recognition. Though many thought that this was a secure enough way to protect their device, hackers were easily able to fool the technology just by using a photo of the owner of the device when it is asked for a face scan.

Google updated its software to enhance the security and required the person to blink to ensure that the device is not being presented with just a photo. Unfortunately, this “live” feature can also be hacked using photo editing. To dupe this, all you need is the most recent photo of the device owner and then use a photo editing software to edit the eyes to make it look like the eyes are closed. This can be done by painting the eye area with the same color as the surrounding skin. A good match is the area around the nose, as it usually has the same shadows as the eyelids. You then need to apply a flash effect on the original and edited photos to make it seem like the image is blinking. Voila! You now have a blinking photo.

Fingerprint scan

In 2014, biometrics specialist Jan Krissler presented a way that fingerprint scanning can be duped. All you need is a variety of photographs of a person’s finger and software such as VeriFinger, which is used to identify fingerprints, and you can recreate a person’s fingerprint and use it to unlock a device or bypass security that requires it. This can be a daunting task, especially the part where you need various photos of a person’s fingerprint, but if you really want to steal someone’s fingerprint, no task is too arduous to accomplish.

There are other ways fingerprint scanning can be duped, such as with the use of a superglue, wood glue, skin-friendly glue, a bottle cap and a digital camera. First, you need to find a fingerprint of the person. Then, using a few drops of superglue placed on the bottle cap, make the fingerprint appear with the vapor from the superglue. Take a photo of the fingerprint, transfer it to your computer and resize the copy of the fingerprint to match the original. Use a laser printer to print the copy onto a foil slide, sweep wood glue on it, let it dry and then cut. Remove the dry wood glue from the foil slide. It is now ready to be used. You can use a skin-friendly glue to attach the copy of the fingerprint to your finger.

Iris scanning

At CES 2015 and MWC 2015, two companies showed iris scanners embedded into devices such as laptops and smartphones. EyeLock Corp., the company behind the Myris iris-scanning security camera, showed off a laptop embedded with the technology. And at MWC 2015, Fujitsu Ltd. showed a prototype of a smartphone with an embedded iris scanner. This allows users to easily get into their computer or smartphone without typing anything or swiping their finger to be scanned. They just looked at the iris scanner and the device unlocks in a second. Though this biometric security feature seems to be quite secure, it is still weak.

According to Krissler, even iris scanners can be fooled, especially now that photos are taken in high resolution. During the CanSecWest security conference in March, Krissler showed how a high resolution of his eyes taken in infrared and printed in black and white was able to fool a commercial Panasonic iris scanner. For subjects with light-colored eyes, colored photographs are expected to work just as well. Krissler also mentioned that contact lenses with printed irises could also be used to circumvent these iris scanners.

Protect yourself

It is undoubtedly disturbing how high-tech gadgets can be used against us, but unless you are a high-profile figure, you are less likely to be the target of hackers who are willing to go through photographs of your hand or eyes. Also, you can use technology to protect yourself.

One device that may offer complete protection is Nymi, a wearable device that constantly checks the wearer’s heart electrocardiogram to verify that the wearer is the rightful user. By verifying that the wearer is the authorized person, the data can be used to automatically lock or unlock devices without having to input passwords or other security measure. The electrical pulse of your heart is the key. Recently, Nymi added two-factor authentication which generates a unique one-time code that it uses, along with the verified electrocardiogram reading, to unlock things without the user doing anything. At the moment, Nymi only offers a developer kit for $149.

Photo by DaveBleasdale

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU