56



          The thing is, the biometric system has a few complications too. Firstly, it requires deliberate user behavior.
          Scanning your face or finger every time you want to access your smartphones adds a friction to the user
          experience. If you think biometrics is hard to compromise, then you are wrong. It’s not as secure as people
          think it is. Researches came up with synthetic fingerprints for unlocking 65 percent of the smartphones.
          Even an algorithm can mimic your voice with a few audio snippets and fool your biometrics just like that.

          Biometrics and Passwords are vulnerable

          Passwords have always been a weak link. Yes, they are hard to keep track of but people still use them
          because they are easier to change if compromised. But when it comes to biometrics, in case it’s stolen, you
          cannot  change  your  face  or  your  fingerprints,  right?  Ever  since  biometrics  technology  was  introduced,
          cybercriminals have done their research to come up with tactics and backdoors in the system to steal the
          fingerprints of users. One example of that is the breach at the Federal Office of Personnel Management in
          2015 that leaked fingerprints of 5.6 million people.

          Security  experts  are  worried  that  if  more  and  more  smartphone  users  start  adopting  fingerprints  for
          authentication, this could lead to a series of identity thefts. You already know that it’s possible to steal
          fingerprints but do you know that facial recognition can be tricked too by using a photo on a Windows or
          Samsung smartphone?

          In conclusion, anyone can break into your phone even if it is password protected or requires biometrics
          authentication. Who knows what a criminal can do with your personal data from there. An unlocked device
          is just like a treasure chest for an unauthorized user. They can access your online banking accounts, emails,
          calendar, photos, or even install a tracking app such as Xnspy to monitor your location, and online behavior.
          Hackers even have a way of tapping into the Bluetooth or Wi-Fi connection of your phone, sniff your network
          traffic and steal all locally stored passwords and the passwords that you type when you check into your bank
          account. Crazy, right?

          So what’s the future of mobile security then?

          If passwords and biometrics fail to provide smartphone security, how is a user supposed to protect his
          device?  This  question  needs  attention.  Fortunately,  companies  such  as  BehavioSec,  UnifyID,  and
          SecureAuth have started employing different aspects of behavioral biometrics to provide better security to
          smartphone users.

          Behavioral biometrics measure the patterns of user activities. The user is authenticated by what he does
          rather than what he is. The machine learning algorithm gathers the smartphone sensor data and determines
          the user by his personal traits such as walking gait, the way he sits, or the Wi-Fi access points his device
          typically connects to. These algorithms also take into account the changes in the user behavior. Let’s say a
          user sprains his ankle and that changes his gait and because of that the machine learning systems loses
          confidence in authenticating him. In that case, it will then present an alternative method of authentication to
          the user like a PIN or a password. This is something only an authorized individual would know.

          Lots of industries (finance, travel, hospitality, e-commerce, and healthcare) have already started employing
          behavioral biometrics measures. Although it’s not a foolproof method, since our behavior uniquely identifies
          from the rest, it is a more secure system for authentication than what’s available so far.