Surprisingly low-tech attacks on high-tech biometrics systems

Not all biometric fraud is a complex coding job taken on by international cybercriminals. Sometimes it is someone nearby staring you in the face. Following, are some examples.

A man in South China, according to the Global Times, stole $23,500, or 150,000 yuan, from an ex-girlfriend by dosing her with medicine and borrowing some biometric identifiers.

Reportedly a compulsive (and poor) gambler, the man, identified only as Huang, dialed his ex offering to stop by with a plan to repay the 60,000 yuan he had borrowed from her during happier times. Bonus: He would cook dinner because she was not feeling well.

The only plan Huang had in mind, however, was to render his ailing pigeon unconscious and relieve her of some more money.

He cooked as promised, gave her medicine that made her drowsy and waited. When she was out, he opened her phone by pressing a fingertip to the device’s biometric sensor.

Navigating to a bank or money-transfer app requiring an iris scan, Huang peeled open an eye, and he was off to the races. Probably literally.

At some point after regaining consciousness, the woman saw she was missing money and called police, who probably took all of five minutes to conclude who they were looking for.

Huang likely is wagering on roach races as he serves 3.5 years in prison. With any luck, he will win enough to pay his $3,140, or 20,000 yuan fine. His cellmate might want to practice sleeping with his face in the pillow.

Meanwhile, in India, police have arrested a man named Ravi Kumar for brazenly capturing the biometrics of people using their fingerprints as they voted. As reported in the Hindustan Times, Kumar was recording people’s prints not to sway the election by to swell his personal coffers.

Kumar was “handling” the biometric voting electronics in some official capacity when he used his phone to steal the biometric identifiers right before people went on to use their thumbprints and Aadhaar card information to vote.

More than a dozen voters went to police saying that they had lost ₹5,000 ($65.77) to ₹10,000 after voting. As with Huang, police quickly deduced that Kumar was involved and arrested him.

The Hindustan Times also reported on about 30 similar complaints of people being victimized, mostly after voting. These accusations centered on two other biometric voting booths in a poor district elsewhere in the country.

Article Topics

authentication  |  biometric identifiers  |  biometrics  |  China  |  fingerprint recognition  |  India  |  iris recognition  |  mobile app