
What Are the Risks of Biometrics and Can They Be Hacked?

We’ve all had some pretty crazy images burned in our brains watching science-fiction biometrics in movies over the years. 

Iris recognition was a big thing in Blade Runner because it distinguished the replicants from the humans. In The 6th Day, Arnold Schwarzenegger’s clone enters an elevator using a stolen thumb for fingerprint recognition.   

And there was an unforgettably gross scene in Demolition Man where Wesley Snipes’ character Simon Phoenix snatches a prison guard’s eyeball and uses it to fool a retinal scanner so he can break out of jail.

All of this science fiction forewarned us, years before this technology even existed, that biometrics can be scary! Will life really imitate art, or was all of that just pure fantasy meant to reel us into the theater? 

The tech behind biometrics is pretty amazing, in many cases making security lines in airports move faster and creating unique identifiers you will always have with you, even if you forget your wallet or keys. They can often be used to increase security. 

But there still are undeniable risks involved with this technology. Let’s move beyond the futuristic ideas of Hollywood and take a look at the reality of biometrics. 

First of all you may be wondering: what are biometrics? 

Biometrics are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices, or data. Essentially that’s anything that you can use to prove your identity. 

Examples of biometric identifiers are fingerprints, facial geometry scans, and voiceprints. Each of these is considered unique to you as an individual. Unlike a social security number, a person’s biometric data generally cannot be altered.

What are the privacy risks of biometrics?

When it comes to any kind of personal data (yes, even your retinal scan) there are going to be bad actors who want to steal your identity to gain access to banking information, email accounts, and anything else that could prove lucrative. 

In a world where data breaches have compromised the private information of literally billions of people, how fully do we trust the government and private companies with access to our biometrics to protect this very personal information? Can they guarantee this data will never be hacked or stolen from their server? 

Unfortunately, it is already happening on an alarming scale. In India, a security breach compromised billions of Indians’ private data from the Aadhaar database. This data was accessed and affected certain vital thumbprint and biometric data for people seeking food or government aid. 

In another instance, a large-scale breach took place at the Federal Government Office of Personnel Management where 5.6 million workers’ fingerprints were stolen in 2015. You can change your password if it is stolen, but…changing your fingerprint or your face? Unless you’re John Travolta or Nicolas Cage, that’s probably not going to happen. (Remember Face/Off?)

And while the New York Times points out that your face is, or will be, your boarding pass at the airport in the near future, Bart McDonough, chief executive of Agio, a cybersecurity and IT consultancy, says airlines and other travel companies don’t seem to be asking the tough questions about the technology. Among them is: How is this data being protected?

This can be a pot of gold for hackers. We know what they can do with credit cards and social security numbers but imagine the possibilities for all-in identity theft when thieves have access to your biometric data.

What are the functionality risks of biometrics?

If your identity is tied to your physical characteristics, you have to wonder: what if my voice changes? What if my eye gets damaged? I mean, are you going to miss your flight to Barcelona because you forgot to shave or got eyelash extensions? What if your characteristics suddenly do not match what’s in the TSA database? 

Identifying people by scanning the irises of their eyes may not be as reliable as some governments and the public might think. New research suggests that irises, rather than being stable over a lifetime, are susceptible to aging effects that steadily change their appearance over time. What is the threshold that will affect you being locked out of your home or missing your flight? 

What are the safety risks of biometrics?

So, will life really imitate art? Could an eyeball that’s ripped out get through a retinal-scan security checkpoint? Could a rogue finger get used for its print?

Well, regarding stolen eyeballs, one biometrics expert weighs in with this: 

In the real world, this strategy would certainly fail. First of all, today’s scanners use iris recognition, not retinal scanning. And they are equipped with liveness detection which considers multiple factors to determine a live eye is being scanned. For example, a living eye’s pupils dilate and respond to light. A dead one would be unresponsive and easily detected.

And what about chopped-off fingers? Are criminals going to copy Arnold’s clone? 

Based on what Apple has revealed regarding Touch ID and what the company’s own patents have suggested, the sensor in the iPhone utilizes two methods to sense and identify your fingerprint:

  • Capacitive — A capacitive sensor is activated by the slight electrical charge running through your skin. We all have a small amount of electrical current running through our bodies, and capacitive technology utilizes that to sense touch. This is also the same technology used in the iPhone’s touch screen to detect input.
  • Radio frequency — RF waves do not respond to the dead layer of skin on the outside of your finger — the part that might be chapped or too dry to be read with much accuracy — and instead read only the living tissue underneath. This produces an extremely precise image of your print and ensures that a severed finger would be completely useless.

This means that the Touch ID sensor should be remarkably accurate for living creatures, but it also means that only a finger attached to a beating heart will be able to unlock it. So, should someone run up to you, hack off your finger, grab your iPhone and attempt to unlock it, there’s virtually no chance it’s going to work.

Whew, that’s a relief! 

To sum it up, biometric technology has evolved from the imaginings of science-fiction authors and Hollywood screenwriters to real-life tech advances that can save us time, enhance our security and provide unique identifiers beyond an ID card. It is the real real ID. And yes, there is a lot to be wary of. As with any promising technology, it is much more complicated than what we can see with the naked eye. But happily, it seems we can relax about replicants, clones, and zombie apocalypse scenarios where our limbs are snatched for the sake of identity theft.
