
Kaspersky Lab reveal how criminals could exploit biometric ATM authentication


Researchers at Kaspersky Lab have investigated how cybercriminals could exploit new biometric ATM authentication technologies to steal the fingerprint data of banking customers.

While many financial organizations see these emerging biometric-based ATM solutions as a security improvement over current authentication methods, cybercriminals can potentially use biometrics to steal sensitive information.

In its investigation into these underground cybercrime practices, Kaspersky Lab researchers found that there are already at least 12 sellers offering skimmers capable of stealing victims’ fingerprints.

At least three of these underground sellers are currently researching devices that could illegally obtain data from palm vein and iris recognition systems.

The first wave of biometric skimmers was observed in “presale testing” in September 2015, in which the developers of these skimmers discovered several bugs.

Developers found that the main issue related to the use of GSM modules for biometric data transfer, which were too slow to transfer the large volume of data obtained.

As a result, new versions of the biometric skimmers will use different, faster data transfer technologies.

“The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image,” said Olga Kochetova, security expert, Kaspersky Lab. “Thus, if your data is compromised once, it won’t be safe to use that authentication method again.

“That is why it is extremely important to keep such data secure and transmit it in a secure way. Biometric data is also recorded in modern passports – called e-passports – and visas. So, if an attacker steals an e-passport, they don’t just possess the document, but also that person’s biometric data. They have stolen a person’s identity.”

There have also been ongoing discussions in underground communities regarding the development of mobile applications in which attackers exploit the victim’s photo posted on social media and use it to dupe a facial recognition system.

In addition to these biometric ATM theft tools, Kaspersky Lab researchers reveal that hackers will continue to perform malware-based attacks, blackbox attacks and network attacks to compromise data that can later be used to steal money from banks and their customers.

Securelist.com offers a full threat overview report regarding upcoming cyberthreats to cash machines and safety tactics that can be deployed to protect banks from these threats.

Additionally, there are a number of videos demonstrating the various attack vectors against ATMs.

As previously reported, WISeKey International Holding Ltd released WISeID 6, an updated edition of its personal data and identity protection application that is now integrated with BlockChain technology.
