Kaspersky raises the alarm on the security of biometric data

Almost without our realizing it, biometric authentication systems have become the standard. Most likely, the first thing we do on waking up is to use fingerprints or face scan to unlock the phone, a gesture that we repeat frequently during the day every time we have to access the smartphone.

Not only that: recently in many airports, the documents have been secondary, since the authentication of the passengers takes place through facial recognition. But are we sure it’s a good idea? According to Kasperksy, it is not the best choice in terms of safety.

Violations of databases containing biometric data

By now, we hardly pay attention to the many credential thefts that have affected more than one company. We are aware of the need to use different passwords for the various services and to change them frequently to increase security.

Since biometric authentication systems have started to spread on smartphones and notebooks, the trend is to rely on fingerprint sensors or the integrated camera to access devices, convinced that this is the safest way. Is it really? Not necessarily.

Kaspersky notes that 37% of the computers used to collect and process biometric data have undergone at least one attack attempt. This is information that appeals, and in the past, we have already witnessed sensational thefts of information like this. In 2015, hackers attacked the Office of Personnel Management USA, managing to steal 5.6 million fingerprints.

It is not just hackers who worry. Recently, it was discovered that the Biostar 2 archives, also used by the British police, was inadequately preserved: a 23 GB archive containing fingerprints and facial recognition data was exposed to the public. The data was not even encrypted, but kept in the clear.

If it were a password, it would be enough to change them to stay safe, but once the biometric data is compromised, there is very little we can do.

” Our research shows that the current biometric data security situation is critical and needs to be brought to the attention of industry control authorities, government authorities, the community of cyber security experts and users in general. ” – said Kirill Kruglov, senior security expert, Kaspersky ICS CERT. ”

Although we believe that our customers are cautious, we must emphasize that the infection caused by the malware that we have detected and prevented could have negatively affected the integrity and confidentiality of the systems of biometric processing. This is especially true for databases that contain biometric data, and that are not equipped with any protection system. ”

A ring to protect yourself

Given the importance of biometric data and above all the impossibility of being able to replace them in the event of ” theft “, Kaspersky has sought a way to combine the simplicity of access typical of biometric authentication with greater security.

The solution is so simple when effective: a ring created in collaboration with the designer Benjamin Waye, on which fingerprints are ” printed “. A convenient accessory to carry, discreet and elegant.

Inside it does not pulsate with any technology, but instead of having set a diamond or some other precious stone, it is equipped with an artificially created and randomly generated 3D pattern that simulates fingerprints, avoiding the need to use ours.

The advantage of this approach is that if we were to find that footprint has been compromised, just replace the ” stone ” of the ring with a new random pattern. Just like you would a password.

” The ring is just one of the possible ways we have been available to tackle today’s problems related to cybersecurity in the biometric field and certainly does not represent the definitive solution ” – said Marco Preuss, Director of the Global Research – Analysis Team, Europe, by Kaspersky.

” A definitive solution will entail the creation of measures and technologies that truly guarantee the protection of the unique identity of people. A solution of this type has yet to be developed and, to be honest, the current state of studies relating to it.

Security in the biometric field has not yet reached such a maturity. Considering, the growing adoption of this type of technology, we thought it was extremely important to start a debate within the companies concerned, so as to develop an approach as soon as possible collaborative that is able to lead to effective protection of this type of data “.