Page 56 - Cyber Defense eMagazine September 2018
The thing is, the biometric system has a few complications too. Firstly, it requires deliberate user behavior.
Scanning your face or finger every time you want to access your smartphone adds friction to the user
experience. If you think biometrics is hard to compromise, then you are wrong. It’s not as secure as people
think it is. Researchers came up with synthetic fingerprints for unlocking 65 percent of the smartphones.
Even an algorithm can mimic your voice with a few audio snippets and fool your biometrics just like that.
Biometrics and Passwords are vulnerable
Passwords have always been a weak link. Yes, they are hard to keep track of, but people still use them
because they are easier to change if compromised. But when it comes to biometrics, if they are stolen, you
cannot change your face or your fingerprints, right? Ever since biometrics technology was introduced,
cybercriminals have done their research to come up with tactics and backdoors in the system to steal the
fingerprints of users. One example of that is the breach at the Federal Office of Personnel Management in
2015 that leaked fingerprints of 5.6 million people.
Security experts are worried that if more and more smartphone users start adopting fingerprints for
authentication, this could lead to a series of identity thefts. You already know that it’s possible to steal
fingerprints but do you know that facial recognition can be tricked too by using a photo on a Windows or
Samsung smartphone?
In conclusion, anyone can break into your phone even if it is password protected or requires biometric
authentication. Who knows what a criminal can do with your personal data from there. An unlocked device
is just like a treasure chest for an unauthorized user. They can access your online banking accounts, emails,
calendar, photos, or even install a tracking app such as Xnspy to monitor your location and online behavior.
Hackers even have a way of tapping into the Bluetooth or Wi-Fi connection of your phone, sniffing your network
traffic and stealing all locally stored passwords and the passwords that you type when you check into your bank
account. Crazy, right?
So what’s the future of mobile security then?
If passwords and biometrics fail to provide smartphone security, how is a user supposed to protect his
device? This question needs attention. Fortunately, companies such as BehavioSec, UnifyID, and
SecureAuth have started employing different aspects of behavioral biometrics to provide better security to
smartphone users.
Behavioral biometrics measure the patterns of user activities. The user is authenticated by what he does
rather than what he is. The machine learning algorithm gathers the smartphone sensor data and determines
the user by his personal traits such as walking gait, the way he sits, or the Wi-Fi access points his device
typically connects to. These algorithms also take into account changes in the user's behavior. Let’s say a
user sprains his ankle and that changes his gait, and because of that the machine learning system loses
confidence in authenticating him. In that case, it will present an alternative method of authentication to
the user, like a PIN or a password. This is something only an authorized individual would know.
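The confidence-and-fallback flow described above can be sketched as follows. This is an added example, not code from the article or from any of the vendors it names; the feature names, the z-score scoring formula, the 0.6 threshold and the 0.1 adaptation rate are assumptions standing in for a trained model.

```python
import math
from dataclasses import dataclass, field

@dataclass
class Profile:
    mean: dict                # per-feature baseline mean
    var: dict                 # per-feature baseline variance
    known_aps: set = field(default_factory=set)
    alpha: float = 0.1        # adaptation rate (assumed value)

def confidence(p, sample, ap):
    """Score in (0, 1]: 1.0 means the sample sits exactly on the baseline."""
    z2 = [(sample[k] - p.mean[k]) ** 2 / p.var[k] for k in p.mean]
    behaviour = math.exp(-0.5 * sum(z2) / len(z2))
    context = 1.0 if ap in p.known_aps else 0.5   # unfamiliar Wi-Fi halves trust
    return behaviour * context

def adapt(p, sample, ap):
    """Move the baseline toward a sample that has been confirmed as the owner's."""
    for k, x in sample.items():
        d = x - p.mean[k]
        p.mean[k] += p.alpha * d
        p.var[k] = (1 - p.alpha) * p.var[k] + p.alpha * d * d
    p.known_aps.add(ap)

def authenticate(p, sample, ap, pin_ok, threshold=0.6):
    """Accept passively on high confidence, otherwise fall back to the PIN."""
    score = confidence(p, sample, ap)
    if score >= threshold:
        decision = "accept"
    elif pin_ok():
        decision = "accept_after_pin"
    else:
        return "reject", score      # rejected samples never train the baseline
    adapt(p, sample, ap)
    return decision, score

def new_profile():
    # Constructed baseline: step interval in seconds, acceleration RMS in g.
    return Profile(mean={"step_s": 0.55, "accel_rms": 1.20},
                   var={"step_s": 0.0009, "accel_rms": 0.01},
                   known_aps={"home-ap"})

USUAL = {"step_s": 0.56, "accel_rms": 1.25}    # constructed: owner's normal gait
LIMP = {"step_s": 0.70, "accel_rms": 0.90}     # constructed: gait after a sprain

if __name__ == "__main__":
    p = new_profile()
    print(authenticate(p, USUAL, "home-ap", lambda: False))
    print(authenticate(p, LIMP, "home-ap", lambda: True))
```

Because the baseline only moves after a passive accept or a correct PIN, the changed gait is learned over several confirmed unlocks, while samples from someone who cannot supply the PIN leave the profile untouched.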
Lots of industries (finance, travel, hospitality, e-commerce, and healthcare) have already started employing
behavioral biometric measures. Although it’s not a foolproof method, since our behavior uniquely identifies
us from the rest, it is a more secure system for authentication than what’s available so far.