Hacking Biometrics & Securing Authentication

biometrics authentication spoofing presentation attacksThe Weekly Cypher is specially curated to keep you up-to-date on the latest in cybersecurity, biometrics, and related news and innovations. This week’s topics are:

BBC Reporter and Twin Spoof HSBC Voice ID | BBC

BBC reporter Dan Simmons recently tested HSBC’s new Voice ID authentication solution with his twin brother, Joe. Their attack on the solutions showed that Joe was able to pass as his brother after several attempts, highlighting key flaws in the system – primarily that it allows numerous failed login attempts without locking the user out of the system. Researchers point out that a failed attempt isn’t the issue, but the system shouldn’t allow more than a handful before questioning who’s attempting to access the system. [Read More]

Galaxy S8’s Facial Recognition Tricked by Twins | Tom’s Guide

Researchers have been testing the Samsung Galaxy S8’s biometric authentication features heavily, with both the iris and facial recognition being attacked. A new test of the facial recognition showed that one identical twin was able to pass the other’s phone’s security more than half of the time. Interestingly enough, the other twin was not able to authenticate as the first when the test was reversed. [Read More]

Hackers Bypass Galaxy S8’s Iris Recognition with Infrared Photo and Contact Lens | The Verge

Iris has long been considered the most secure biometric, and many praised Samsung’s first (failed) attempt at adding an iris scanner to their smartphone offering. The Samsung Galaxy S8 has proven far more stable, but hacking group Chaos Computer Club recent showcased exactly how one could bypass the phone’s iris recognition using a digital camera with a “night mode” or infrared setting and a contact lens. With a print out of the subject’s image and a contact lens laid over the eye to provide the illusion of depth, the group was able to unlock a Galaxy S8. [Read More]

Why Is Cybersecurity Getting Worse As Spending Increases? | DarkReading

Over $18 billion was spent on cybersecurity by enterprises in 2016. However, data breaches are at an all-time high, and research shows that related cybersecurity issues are growing worse. The problem isn’t that we aren’t building better security solutions, but that the digitization of information is making it easier to access more valuable data. Plus, consumers value convenience over security and don’t follow best practices with personal privacy online. [Read More]

Are Biometrics a Silver Bullet or Skeleton Key for Security? | BankInfo Security

All the recent successful attacks on mobile biometric authentication may seem worrying, but security experts still agree that biometrics are the future. The problem lies in deploying faulty systems or not fully understanding the importance of protecting our biometric data. While researchers may be chipping away at biometric systems, we need to build safer solutions that bring the convenience of a fingerprint login and highly-secure data storage together. [Read More]