FB pixel

Missing fingerprint liveness detection opens the door for Aadhaar spoofing attacks

| Joel R. McConvey
Categories Biometrics News  |  Fingerprint Recognition  |  Liveness Detection
Missing fingerprint liveness detection opens the door for Aadhaar spoofing attacks
 

Aadhaar is leaking again, and the Unique Identification Authority of India (UIDAI) is facing questions about the deployment of liveness detection in its biometric fingerprint authentication system. The Hindu reports that cases of financial fraud have been traced to fingerprint authentication in the Aadhaar-enabled Payment System (AePS) that did not employ liveness detection, which UIDAI had promised to roll out in March 2023.

Using thumbprint data and Aadhaar numbers downloaded from the Stamps and Registration Department in the state of Karnataka, perpetrators were able to create 3D images of the prints that fooled the unprotected authentication and allowed them to withdraw money through AePS. Victims were unaware of the transactions.

The Hindu says its requests for a comment from UIDAI on the lack of liveness detection in the modality have thus far gone unanswered. In February, UIDAI raised the issue of spoofing attempts with state governments and announced that it would introduce the liveness-enabled FMR-FIR (Finger Minutiae Record – Finger Image Record) fingerprint authentication modality on March 1.

With the Aadhaar national digital identity system being adopted for more use cases, India has hosted over 100 billion total authentication transactions. Liveness detection in biometric fingerprint authentication is working in some areas of the country – but not, apparently, Karnataka.

Aadhaar’s permeability has become an ongoing talking point, with questions about biometric data breaches, bugs, digital ID data offered for sale on the dark web, and, in this case, the use of single-factor authentication for financial transactions.

There are proposed fixes. In light of the AePS fraud, Karnataka will block out the first eight digits on all documents related to registration. However, questions about feasibility and timelines hover around practical implementation, and police point out that a similar blocking of digits was mandated before, but ignored.

Meanwhile, police are also seeking access to Aadhaar data in court, despite UIDAI restrictions on the use of biometric data by law enforcement.

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Canada regulator backs privacy-preserving age assurance

The Office of the Privacy Commissioner of Canada (OPC) has published a policy note and guidance documents pertaining to age…

 

FCC seeks comment on KYC revision for commercial phone calls

The U.S. Federal Communications Commission (FCC) has proposed stronger KYC requirements for voice service providers to prevent scams and illegal…

 

Deepfake detection upgrade for Sumsub highlights continuous self-improvement

Sumsub has launched an upgrade to its deepfake detection product with instant online self-learning updates to address rapidly evolving fraud…

 

Metalenz debuts under-display camera for payment-grade face authentication

Unlocking a smartphone with your face used to require a camera placed in a notch or a punch hole in…

 

UK regulators pan patchwork policy for law enforcement facial recognition

The UK’s two Biometrics Commissioners shared cautionary observations about the use of facial recognition in law enforcement over the weekend…

 

IDV spending to hit $29B by 2030 as DPI projects scale: Juniper Research

Spending on digital identity verification (IDV) technology is projected to reach a 55 percent growth rate between now and 2030,…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events