Presentation attacks, more commonly referred to as biometric spoofing, are one of the biggest concerns many people have over using biometric authentication. Whether it’s to log into an app or authenticate a financial transaction, no one wants someone else to be able to mimic their fingerprint or face. In fact, many have sworn off biometrics in light of news stories about how easy it is to replicate a thumbprint and fool Touch ID and other fingerprint sensors with it.
But those fears may be unfounded! More experts are saying that biometric spoofing concerns are vastly overstated, even as it seems that consumers are being pushed to use their fingerprints more and more with their smartphones.
Presentation Attacks Are Expensive
On a basic level, presentation attacks may be “easy” to do on an individual basis, but if you’re trying to spoof even 100 devices, it gets exponentially harder. Even the “easy” attack where a fingerprint was created from a common printer and conductive ink cost nearly $500. Furthermore, and more importantly, a presentation attack requires the device itself. If you don’t lose your phone, it can’t be “hacked” using your fingerprint.
There’s Already Tech to Detect Them
Even beyond the cost of spoofing a fingerprint or other biometric, we have to consider evolving Liveness technologies. More companies are focused on overcoming the risk of presentation attacks due to the media frenzy around them, producing successful technologies for detecting models, photos, and other tricks hackers use to fool biometric sensors.
You’re Not a Prime Target
Of course, the simple truth is that, for the average user, hackers really don’t care about spoofing your biometrics anyway. The people that need to truly worry about being targeted by spoofing attacks are politicians, high-level executives, and others who deal in sensitive data or secrets, and these people are already using more advanced technologies to protect access to that information. For the average consumer, a hacker is more likely to target your bank or your email provider to gain access to accounts, not your phone or apps.
So rest easy, biometric spoofing isn’t as big of a deal as the fear mongers would make it out to be, and new technologies are coming out that will help put presentations attacks to bed for good.