A new study by the University of Buffalo’s (UB) School of Engineering and Applied Sciences has found that voice-based smartphone apps such as Siri and WeChat can expose make you vulnerable to the growing security threat of voice hacking, according to a report on Phys.Org. Using only a few minutes of audio samples, attackers can replay your voice convincingly enough to trick people and advanced digital security systems to steal money from your bank account. A UB team of engineers
Researchers from the Chaos Computer Club (CCC) have successfully breached the Samsung Galaxy S8’s iris recognition system to unlock the device using an image of an iris, according to a report by Motherboard. CCC has posted a video demonstrating how they bypassed the iris scanner’s protections using a camera, a printer, and a contact lens. “We’ve had iris scanners that could be bypassed using a simple print-out,” said Linus Neumann, one of the CCC researchers who appears in the video.
HSBC’s voice ID authentication software designed to prevent bank fraud has been duped by BBC Click reporter Dan Simmons and his non-identical twin, according to a report by BBC News. Simmons created an HSBC account and signed up to the bank’s voice ID authentication service. His non-identical twin, Joe, was able to access the account via the telephone by impersonating his brother’s voice. HSBC said it would “review” ways to make the ID system more sensitive following the BBC investigation.
Researchers at Idiap Research Institute Biometrics Group in Switzerland have conducted an extensive study of eight presentation attack detection (PAD methods) in which they assessed their ability to detect known and unknown attacks using publically available speaker databases with spoofing attacks, AVspoof and ASVspoof. Authored by research associate Pavel Korshunov and senior researcher Sébastien Marcel, the study is published in the latest issue of IEEE Journal of Selected Topics in Signal Processing. Automatic speaker verification (ASV) systems are highly vulnerable
Novetta vice president of special projects, Michael Thieme, has been appointed editor of ISO/IEC 30107-4, a performance testing standard related to biometric presentation attack detection. This performance testing standard will address spoofing and presentation attacks against mobile devices such as iPhones and Android smartphones. “This appointment further solidifies Novetta’s role as a thought leader in emerging biometric and identity-related technologies,” said Tiffanny Gates, Novetta president and chief executive officer. “We look forward to supporting this important and challenging work.” According
Smartphone fingerprint sensors could be fooled up to 65 percent of the time by “MasterPrints” digitally composed from common fingerprint features, according to findings published Monday by researchers at New York University and Michigan State University. In the report MasterPrint: Exploring the Vulnerability of Partial Fingerprint-based Authentication Systems, the researchers warn that partial fingerprint-based authentication systems are potentially vulnerable to compromise, particularly when multiple impressions of each finger are enrolled. Enrolling multiple impressions is often required by devices to ensure
Crossmatch has been awarded a $5.8 million contract to develop next-generation presentation attack detection (PAD) technologies for the Intelligence Advanced Research Projects Activity (IARPA) Thor program. “Innovation has been a driving force within Crossmatch from the onset and IARPA’s Thor program will allow us to innovate and develop new technologies and solutions that surpass existing PAD systems,” said Crossmatch SVP-CTO Bill McClurg. “These solutions will drive new commercial opportunities and market demand, and Crossmatch is excited to have this opportunity
This is a guest post by David D. Dunlap, Co-Founder and Senior VP of Corporate Planning, StoneLock Our personal identity is our single greatest asset – after all, how can one function in the world without an identity? However, the use of technology to assign identities warrants the need to balance out the requirements for security with the vital necessity of protecting individual privacy. The use of biometrics has been the subject of serious debate in the Security Industry for
iBeta Quality Assurance, a full-service biometrics, software quality, security, and performance testing lab, recently completed a successful project for a mid-sized bank to evaluate the False Accept Rate (FAR), False Reject Rate (FRR), and Spoof False Accept Rate (SFAR) of several biometric subsystem vendors’ products across multiple modalities. “Spoofing and liveness testing is an increasingly important part of any thorough evaluation of biometric technology as black hats look for new ways around improved biometrics-based security,” said Dr. Kevin Wilson, Director
Intelligence Advanced Research Projects Activity (IARPA), the intelligence community’s research arm, will soon launch two programs designed to detect fake fingerprints and develop devices to collect fingerprint data without the aid of a human operator, according to a report by GCN. The Odin program, which is scheduled to begin with four prime developers in early March, will develop detection technologies that can spot presentation attacks on biometric devices that attempt to spoof physical biometric samples, said Chris Boehnen, senior program