
The fallacy of hacked face biometrics’ vulnerability

Templates are safer than social media profiles

Biometric data is personal data. It is sensitive personal information. It can be used by hackers to open accounts using another person’s face, and in combination with a breached ID document, using a victim’s identity.

You cannot change your face if an image of it is stolen.

These facts are sometimes presented together as an argument that face biometrics should not be used, or that biometric templates are among the most dangerous types of data that can be breached.

These arguments are invalid. Their conclusions do not follow from the facts. Stolen face biometric templates are not a greater risk to the privacy and account security of the subject than the photo on their social media profile; in fact, quite the opposite.

What’s in a hack?

The form of face biometrics that is most useful to hackers is raw photographs, like the kind found on many social media profiles. In other words, public Facebook, Instagram, TikTok and LinkedIn accounts are a larger, more useful trove of face biometrics data for hackers than any database in the world.

Many media pundits and policymakers are confused on this point.

The familiar argument came up recently, when U.S. Congresswoman Jan Schakowsky noted “You can’t change that information” in criticizing what she sees as a lack of consumer protections in the proposed American Privacy Rights Act (APRA).

Data breaches are major contributors to fraud, primarily because they furnish cybercriminals with the non-biometric data they need to complete applications for fraudulent public benefits, bank accounts, or other services. And there are incidents when biometric data has been left unencrypted and exposed to cybercriminals.

But in most cases, properly stored biometric data has no value, for two different reasons.

The first is that a biometric match in and of itself typically plays only one part in confirming an identity claim, and on its own it is insufficient. The way many identity security professionals explain the distinction is by comparing the biometric to a username, and the liveness test to a password.

The second reason is that biometric systems architected and managed according to best practices only store biometric data in encrypted form, meaning that unlike the aforementioned social media images, they cannot be simply resubmitted as a spoof of the subject’s identity.
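To make the "username and password" analogy concrete, here is an added example (not code from the article or any vendor) of a verification decision that accepts a presentation only when the biometric match and a liveness/PAD verdict bound to the same fresh capture both pass. Embeddings, the threshold, session ids and all names are constructed for illustration.

```python
# Added example: face match is the "username", fresh liveness is the "password".
# Embedding values, threshold and session ids below are constructed, not real.
import math
from dataclasses import dataclass

MATCH_THRESHOLD = 0.80  # assumed cosine-similarity threshold for a match


@dataclass
class Presentation:
    embedding: list          # feature vector extracted from the capture
    session_id: str          # id of the capture session that produced it
    liveness_passed: bool    # PAD verdict
    liveness_session: str    # session the PAD verdict was issued for


def cosine_similarity(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0


def verify(enrolled_template, p):
    """Return (accepted, reason) for a presentation against an enrolled template."""
    score = cosine_similarity(enrolled_template, p.embedding)
    if score < MATCH_THRESHOLD:
        return False, f"no match (score={score:.2f})"
    # A liveness verdict only counts for the capture it was issued for;
    # a verdict reused from an earlier session is treated as absent.
    if p.liveness_session != p.session_id:
        return False, "liveness verdict not bound to this capture"
    if not p.liveness_passed:
        return False, "presentation attack detected"
    return True, f"match (score={score:.2f}) and live"


# Constructed sample data
ENROLLED = [0.9, 0.1, 0.4, 0.2]
GENUINE_LIVE = Presentation([0.88, 0.12, 0.41, 0.19], "s1", True, "s1")
REPLAYED_PHOTO = Presentation([0.9, 0.1, 0.4, 0.2], "s2", False, "s2")  # perfect match, fails PAD
IMPOSTOR_LIVE = Presentation([0.1, 0.9, 0.2, 0.4], "s3", True, "s3")    # live but wrong face
STALE_LIVENESS = Presentation([0.9, 0.1, 0.4, 0.2], "s4", True, "s1")   # verdict from another session

if __name__ == "__main__":
    for name, pres in [("genuine", GENUINE_LIVE), ("replayed photo", REPLAYED_PHOTO),
                       ("impostor", IMPOSTOR_LIVE), ("stale liveness", STALE_LIVENESS)]:
        print(name, verify(ENROLLED, pres))
```

Only the genuine, live capture is accepted; a stored image or template that matches perfectly is still rejected because it carries no valid liveness verdict for the capture it is submitted in.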

What’s in the honeypot?

As David Birch points out in Forbes, templates “are much more secure because they do not store the biometric itself but an abstraction of it.” It does not eliminate the risk, he notes, but it dramatically reduces the ease, cost-effectiveness and scalability of attacks based on stolen templates.

For systems that require large numbers of biometric templates to be collected together in a giant honeypot, there are template protection methods on offer, with more in development. These include advanced technologies like homomorphic encryption and multi-party computation, which could provide protection against future attacks. In the meantime, standard template encryption, while theoretically breakable, has proven sufficient in practice to keep templates off the dark-web marketplaces where breached data proliferates.

The other reason listed above refers to a best practice that literally every organization using biometrics for security should follow: the implementation of biometric liveness and presentation attack detection.

Some policymakers and members of the media steadfastly avoid mentioning these technologies, even when discussing the problem they address. An article from TechRadar last year refers to a NordVPN report citing the immutability of fingerprints, and recommends two-factor authentication and strong passwords over biometrics for app security. Liveness and PAD are conspicuously absent.

Awareness of how biometrics work in practice does appear to be rising, however. The Register asked Gartner VP Analyst Akif Khan about the security of selfie authentication, and he noted that liveness checks make even the improperly stored facial images Resecurity recently discovered of Singaporeans on the dark web useless. Even TechRadar seems to have caught on to the role of liveness, just not its implications.
