It will be fair to say that biometric systems are replacing traditional authentication methods and are increasingly becoming part of our every day, public lives and society. From private businesses to government offices, biometric systems serve as a backbone to attendance system and authentication for accessibility. But it's important to understand that biometric authentication systems are equally vulnerable and prone to cyber attacks as everything else in the digital, always-connected world.
As more people start adopting biometric systems, it gives bad actors a purpose to infiltrate the systems and target majority users as well as their data. In many cases, biometrics are also replacing logins and passwords. For example, in smartphones, the fingerprint reader unlock method doesn't require a user to enter a passcode or other login information all the time. Hence, of course, hackers will try to experiment with new methods to gain access to your data.
Security researchers and experts warn that assuming biometric data as a unique personal identifier that cannot be forged is fundamentally wrong and can foster a false sense of security. Accuracy of biometric data recognition and authentication can remain insufficient for many applications, researchers suggest. Biometric identification and authentication are performed by calculating whether two hash sums are equal or not, similar to password-based authentication.
There are a number of reasons why users need to be wary of the security and privacy of their biometric data. One of the most important reasons is the possibility of hackers falsifying your biometric data, which in most cases cannot be reversed. What's more, stealing or copying digitised biometric data is said to be more comfortable than the physical one. Researchers also warn that once biometric information is compromised, you cannot modify your stolen fingerprints, as is the case with stolen or compromised login passwords.
According to the Kaspersky report, 37 per cent computers performing the functions of biometric data storage, processing and collection were under malware attacks that were blocked, in Q3 2019. If you look at the graph below, you will understand that the number of attacks blocked on biometric processing system computers has decreased by 6.6 per cent since the beginning of 2019. In the Q1 2019, about 43.6 per cent of malware attacks were blocked. That number came down to 40.3 per cent in the Q2 2019.
The study also shows that internet is the primary source of threats (14.4 per cent) for biometric data processing systems, followed by removable devices (8 per cent), email clients (6.1 per cent) and Network folders (1.6 per cent). The most dangerous malware compromising biometric data processing systems is Spyware/RAT (5.4 per cent), followed by phishing malware (5.1 per cent), Ransomware (1.9 per cent) and Banking trojan (1.5 per cent).