The Future of Crime - Biometric Spoofing?
AxisPower9 writes "What we often watch in films and television - circumventing biometric security access - is turning from science-fiction to reality. Bori Toth, biometric research and advisory lead at Deloitte & Touche, warned that biometric spoofing is a growing concern. From the article: 'We are leaving our prints everywhere so the chance of someone lifting them and copying them is real. Currently it's only researchers that are doing spoofing and copying. It's not a mainstream activity--but it will be. Many people are trying to regard biometrics as secret but they aren't. Our faces and irises are visible and our voices are being recorded. Fingerprints and DNA are left everywhere we go and it's been proved that these are real threats.'"
hmm.. (Score:5, Interesting)
Biometrics should be an *added* level of security (Score:3, Interesting)
Fingerprint: not secure
Fingerprint + password: more secure
Fingerprint + password + voice sample: even better.
There are harder biometrics to reproduce, like the thermal patterns of your face. For highly secure areas, multiple biometric keys, a memorized password, a voiceprint, plus a physical key/card would be ideal. And of course there's the good old-fashioned trustworthy security guard to make it even harder for the wrong person to get where they shouldn't be (assume you're restricting physical access).
The Gattaca Solution (Score:4, Interesting)
Blood. A mix of your DNA plus biomarkers. Of course if you've seen the movie, perhaps that too can be spoofed.
In the end, there's no truly safe solution, except for multiple layers of passwords, biometrics, DNA samples, and the like, and even then, a determined foe will find a way to breach it. What Mankind can create, Mankind can subvert.
Change my passwor... er fingerprints? (Score:4, Interesting)
Sure, you have 10 fingers and 2 eyes, but when it comes to it you will never get ADDED security with a biometric-only system.
Biometric + password + keycard is the securest solution.
something you are, something you know, something you have
As the phrase goes in the banking security industry.
Those have always been the only 3 options for establishing 'trust' with an unknown entity.
Carjackers have already removed a victim's finger (Score:3, Interesting)
I guess I'd prefer to have the bad guys use a reasonable facsimile of my finger, retina, etc. than to have them use the real thing.
Earliest reference to biometric spoofing? (Score:3, Interesting)
The first edition I've seen is dated 1928, but I think it was initially published nearer to 1900. The idea has been around for a while.
Re:Three ways to authenticate yourself (Score:3, Interesting)
something you are (fingerprints, irises, etc.)
All the credible books I've read mention this as a fallacy. Something you are is not a measurable property since it is impossible to make a copy of what a person is, fundamentally. Biometrics are simply something you have that is really hard to change. This is good in that others may have trouble changing theirs to be yours, but bad in that once compromised, you're screwed for life.
Biometrics are not a good part of a secure authentication solution. They are convenient for very low security operations. The difficulty of changing them makes them useful as an additional authentication mechanism, under proper human supervision (which will probably never happen). In the way they are being applied and are ever likely to be applied, biometrics are a liability and lead to false positives, sloppy authentication, and a false sense of security. Trying to characterize biometrics as a separate category from "something you have" is mostly an attempt to obfuscate what terrible "something you haves" they tend to be and to remove them from the formalized evaluations of "something you have" components. Largely this is because they are whiz-bang and nifty and sales guys can make a fortune selling them.