Could the iPhone fingerprint fake finger attack have been prevented? – the Biometrics Institute asks for proactive adoption of spoof detection technology.
October 2, 2013 (www.investorideas.com newswire) Since the recent launch of the iPhone 5s there has been considerable attention on the successful hacking of the new Touch ID fingerprint scanner.
The group that has claimed success, the Chaos Computer Club from Germany, has been involved in similar biometric attacks on different fingerprint sensors going back to at least 2004.
Biometric authentication has the potential to ease the burden of security given its simplicity and usability, particularly when compared to mobile devices with little or no protection. However, as with all security measures, it has vulnerabilities.
"This attack technique of presenting a fake biometric to a biometric sensor for identity theft or concealing one’s identity is commonly known as spoofing," states Ted Dunstone, Chair of the Biometrics Institute Vulnerability Assessment Expert Group (BVAEG), "and such attacks are well known and studied."
There are a number of technologies, both software and hardware, that can be used to detect such spoofing attacks. The international community is addressing this emerging area of technology through an ISO/IEC standards project to develop data interchange formats and testing principles for software and hardware used to combat biometric spoofing (called "spoof detection" or "presentation attack detection").
"The BVAEG – a subcommittee of the independent Biometrics Institute – consists of many of the most experienced experts in this area from around the world," says Isabelle Moeller, Chief Executive of the Biometrics Institute, "the BVAEG mission is to raise awareness of the need for vulnerability detection to be included with biometric devices, to promote standards, enhance privacy protection, performance measures and testing, and to help facilitate the dissemination of new research or findings in this area."
"The iPhone fingerprint spoof uses a number of steps including laser printing the fingerprints in high resolution onto transparent film, etching onto a printed circuit board and using a latex material to make a fake fingerprint," explains Tsutomu Matsumoto from Yokohama National University, a member of BVAEG, "the current attack requires the lifting and processing of a high quality latent fingerprint at high resolution in order to make a successful spoof. These factors should be considered when assessing this attack's impact under realistic usage scenarios."
Ralph Breithaupt from the Federal Ministry for Information Security, Germany, who is also a member of BVAEG, confirms that "all security technologies have flaws, including PINs and passwords, and when subject to a determined attack none will guarantee absolute security. Security relies not only on one factor but combines them, such as relying on a PIN and fingerprint."
The Biometrics Institute encourages manufacturers of equipment that includes biometric sensors to be proactive in adopting spoof detection technology to maximise the chance of successfully rejecting a biometric spoof, and also recommends that government agencies and top-level decision makers be aware of the need for appropriate biometric vulnerability testing and certification as they consider both the risk and the convenience of the security mechanism(s).
The next workshop of the BVAEG will be held in Gaithersburg in late March 2014. Email Isabelle to find out more.
The Biometrics Institute is the independent and impartial international forum for biometrics users and other interested parties with currently over 130 member organisations including government departments, financial services institutions, health service providers and also vendors of biometric products and services.
It has been established to promote the responsible use of biometrics technologies. The Biometrics Institute has offices in Australia and the UK.
Published at the Investorideas.com Newswire - Big ideas for Global Investors