Image Image Image Image Image

07

Dec

The problem with biometrics

I’ve always said that the security of biometrics is really problematic.  Once someone figures out how to hack a biometric device, it’s impossible for users to ‘change the password’.  Unlike most systems that provide authentication (e.g. passwords, SecurID tokens, drivers licenses, etc), you can’t just throw out the ‘token’ (e.g. your fingerprints or eyes) and replace it with a new one.

There have been numerous attempts to hack fingerprints in particular, such as gelatin overlays, cutting off the actual persons fingers, etc., but it seems that the ultimate hack has now come about:

From http://news.bbc.co.uk/2/hi/asia-pacific/8400222.stm

A Chinese woman managed to enter Japan illegally by having plastic surgery to alter her fingerprints, thus fooling immigration controls, police claim.

Apparently, this is quite a widespread thing and it should really worry people.   Not because of those bypassing the system, but because it’s only a matter of time before fingerprints are ‘cloned’ and innocent people are improperly accused/denied/arrested.  It’s compounded by the fact that laws and law enforcement sees fingerprints as one of the stronger ‘proofs’ of someone’s presence in a particular place.

How long before fake irises or even DNA?  Who knows, but it turns out that fingerprints are no more secure than any other form of identification.