FB pixel

Biometric exploits aren’t on the horizon; they’re in the backyard

Biometric exploits aren’t on the horizon; they’re in the backyard
 

The biggest threat to widespread use of biometrics in security is public distrust and the inability of the industry and government to address that distrust.

But that is today. Cybersecurity firm Intel 471 says that cybercriminals — precisely the people biometrics was supposed to put out of business — have already begun defeating systems. Their activity still is in its “infancy,” according to Intel 471.

A missive published by Intel 471 says that criminals “have learned to exploit vulnerabilities in facial and fingerprint recognition software.”

They have gained access to a device and then, of course, explained to their community how to defeat behavior-based anti-fraud software.

In September 2020, the company’s analysts reportedly “observed” a pair of Iranians trying to sell ID documents, some of which held biometric data.

One of the suspects claimed to have 76,000 national codes and biometric national ID cards originating in the United States and 10 other countries, including India, Brazil, Saudi Arabia, South Korea and Spain.

The other person, according to Intel 471, reportedly possessed 72,400 scanned Iranian IDs, at least some of which had biometric data.

It is also known that last fall, a team of United Kingdom scientists spotted a vulnerability in the iPhone’s express transit mode that enabled them to use a replay-and-relay attack to make contactless payments of £1,000 (US$1,350) on Visa cards linked to Apple Pay.

Biometric authorization was simply bypassed. The phone was locked and did not authorize the transaction.

Vulnerabilities also found in Android devices and in Microsoft’s Windows 10 Hello facial recognition software allowed biometric authentication to be skirted.

In a more strained example, a man claimed that he was able to bypass behavior-based anti-fraud systems and two-factor authentication by mimicking the keystrokes and mouse movements of his twin brother, according to the firm.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

UK school reprimanded by ICO for using facial recognition without DPIA

A school in Chelmsford, Essex, has been reprimanded by the Information Commissioner’s Office (ICO) for the unlawful implementation of facial…

 

Tech5 introduces flexible biometric template protection for its ABIS

Tech5 has developed biometric template protection technology that it says meets the criteria set out in the ISO/IEC 30136 standard….

 

Maza streamlines KYC with Regula biometric and document verification

Regula has integrated its document and biometric verification system into Maza Financial, a fintech company based in the United States,…

 

More ballparks to get biometric entry through MLB’s Go-Ahead Entry

Major League Baseball continues to grow its facial recognition entry program with biometrics from NEC. An article in Sports Business…

 

Inrupt enters growing digital wallet market with pitch from WWW inventor

Inrupt has launched a digital wallet, which comes with a notable endorsement from an internet pioneer. A press release says…

 

OIX calls on new UK government to accelerate digital ID rollout

The UK should work toward a digital wallet strategy, provide clarity on how ID will work across the public and…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events