A study published Wednesday may shatter the myth of biometric security. The cybersecurity organization Cisco Talos Intelligence Group found that spoofing fingerprints can be achieved with an 80 percent success rate, and that expensive equipment is not needed to pull it off.
With fingerprint scans commonly used in smartphones, computers, USB devices and home and office locks, millions of users are vulnerable. The security team acknowledged that successfully breaking and entering a device through biometrics was fairly complex. But they were nevertheless able to achieve the feat with a readily available 3-D printer that recreated a finger and print with a simple mold and glue.
The proliferation of low-cost 3-D printers made it easier for malicious actors to bypass fingerprint barriers. Their use "made it possible for anyone to create fake fingerprints," Talos researchers said. "Moreover, with the democratization of the usage of fingerprint authentication, the impact of biometric data copies is even bigger than in the past."
General consumers may be reassured that hackers must overcome significant barriers to break through security—they must obtain a user's fingerprint and then the user's device—the likelihood of being targeted is not high.
"The results show fingerprints are good enough to protect the average person's privacy if they lose their phone," Talos researchers said. But they cautioned, "However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication."
The testers found that Mac products were more vulnerable to biometric override than units running Windows 10. But they noted that they were able to make more attempts at breaking into Apple iPads because they knew the codes to override the five-entry limit on fingerprint attempts. Without those codes, their success rate would have been notably lower.
https://techxplore.com/news/2020-04-d-printers-override-biometric.html
With fingerprint scans commonly used in smartphones, computers, USB devices and home and office locks, millions of users are vulnerable. The security team acknowledged that successfully breaking and entering a device through biometrics was fairly complex. But they were nevertheless able to achieve the feat with a readily available 3-D printer that recreated a finger and print with a simple mold and glue.
The proliferation of low-cost 3-D printers made it easier for malicious actors to bypass fingerprint barriers. Their use "made it possible for anyone to create fake fingerprints," Talos researchers said. "Moreover, with the democratization of the usage of fingerprint authentication, the impact of biometric data copies is even bigger than in the past."
General consumers may be reassured that hackers must overcome significant barriers to break through security—they must obtain a user's fingerprint and then the user's device—the likelihood of being targeted is not high.
"The results show fingerprints are good enough to protect the average person's privacy if they lose their phone," Talos researchers said. But they cautioned, "However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication."
The testers found that Mac products were more vulnerable to biometric override than units running Windows 10. But they noted that they were able to make more attempts at breaking into Apple iPads because they knew the codes to override the five-entry limit on fingerprint attempts. Without those codes, their success rate would have been notably lower.
https://techxplore.com/news/2020-04-d-printers-override-biometric.html
No comments :
Post a Comment