Biometric technology usage is on the increase, with fingerprint ID already unlocking phones and airports rumoured to be testing similar technologies in a bid to wipe out the need for a passport.
In general, physiological and behavioural biometric data is being collected as never before, mostly thanks to the ubiquitous nature of smartphones and mobile devices.
The most popular use of biometric technology today is, beyond a doubt, fingerprint readers. Many smartphones have these readers built in, allowing users to record and verify their fingerprint in order to unlock the device without the need for entering a PIN or password.
It’s both a security and convenience feature, enhancing security by making unauthorised access more difficult as an attacker can’t simply observe a user entering their passcode. Use of this technology is now considered the norm, with those who refuse to accept it often referred to as paranoid or old-fashioned.
However, there are other, lesser known ways smartphones can be used to collect biometric data. For example:
• Cameras are used almost daily to take ‘selfies’ which can be used for facial recognition.
• Built-in microphones for voice recognition and audio signals.
• Accelerometers and gyroscopes which can be analysed to determine how a user types on screen or even walks.
Ultimately, almost every single person in a developed country is carrying the perfect surveillance device. All it takes is for a user to download an application and then its publishers have access to data from any or all of these sensors. Not only can this be an invasion of privacy, it also suggests that any services using biometric identification could be vulnerable to identity theft.
It is also worth noting that data used for biometric identification is being collected and used by organisations to profile individuals. This allows for a better understanding of people’s motives whilst creating new possibilities to influence mass audiences. Organisations are not alone in these activities, similar tactics are no doubt being actively used by governments and intelligence agencies to spy on both citizens and foreigners.
While it may be justifiably used in relation to national security and public safety, yet additional information implies that such data gathering is often part of a mass surveillance programme. This carries significant security risks.
This data must be protected against unauthorised access and misuse. That said, due to the secretive nature of the operations, it’s highly unlikely any breach would be publicly reported or even detected.
Biometric technologies can also be used to protect an organisation’s valuable assets. The challenge is in ensuring the tools are operated legally and in an ethical and transparent manner.
There have been many developments in the field of biometrics since the first fingerprint scanners and, as companies continue to embrace the technology, it is of the utmost importance they ensure all data is adequately protected against unauthorised disclosure, modification or misuse.
This is not only data about a person, but information about what makes that person unique. Used properly, biometric technologies have a great advantage but, should it be compromised, there is no reset button.
Sourced from Sandor Balint, Security Lead – Applied Data Science, Balabit