Biometrics as a form of technology has been growing rapidly. Visa Europe recently conducted a study in UK which suggested that approximately 76 per cent of the population aged between 16 to 24 years are more comfortable making payments using biometric security. Moreover, 69 per cent of this population believes that it will make their lives faster and more convenient.
Even in a country like India wherein Aadhaar – a citizen’s Unique Identification Number having registered approximately 750 million users with both their 12-digit number and the individual’s biometrics elements points towards how identity database will slowly be taken over by biometrics in the near future.
Payment giants like Mastercard are also looking towards encompassing the biometrics technology with their systems. Ajay Bhalla, president of global enterprise risk and security at Mastercard told Engadget, ‘We want to remove passwords. Passwords are a big problem for people – they keep forgetting it or they use passwords which are very simple and dumb.’
Numerous smartphone manufacturers are integrating fingerprint scanning abilities in newer devices to help ease the user experience. The most prevalent breakthrough was made by Apple back in 2013 when the company first integrated Touch ID in the iPhone 5s. Three years later, most of the premium handsets by companies such as Samsung, LG and HTC come equipped with this feature.
Biometrics through its ability to identify people using their unique physical characteristics and behaviour, has gradually established a steady business in the market. However, despite the given progress in this segment, security is still being breached through innovative methods.
Security researchers are constantly discovering loopholes within this technology. For instance, at the CCC conference in 2014, a security researcher called Starbug used a simple 3D printed mold to construct a working model of the German Defence Miniser’s fingerprint which was based on a high-res photograph of the minister’s hand.
Thus companies are turning towards other physical attributes that can still be used for authentication without being manipulated by hackers.
Iris scanning was perhaps one of the primary highlights of the Galaxy Note 7. The company made use of complex algorithms that enabled secure and faster detection. In fact places where dependable identification is critically important such as airports and military bases already make use of iris scanners. While they may seem like one of the most accurate kind of modern biometrics available, there are still problems found with the same.
The primary problem discovered with iris scanning is the live-tissue verification. Many commercially available iris-recognition systems are easily fooled by presenting a high-quality photograph of a face instead of a real face.
Moreover, when it comes to integrating this technology with smartphones, the device requires an infrared (IR) camera which is quite an expensive technology thereby making the device pricey.
Earlier this year, HSBC announced its plans to use voice recognition software to verify the identity of its customers in the UK. They were among the first in their segment to embrace biometric technology in the effort to replace passwords and other security questions.
‘The launch of voice and Tough ID makes it even quicker and easier for customers to access their bank account, using the most secure form of password technology – the body,’ Francesca McDonagh, head of retail banking and wealth management for HSBC UK told BBC.
At the same time, according to various security researchers, a sample of user’s voice can be collected in various ways including making a spam call, recording person’s voice from a physical proximity of the speaker, mining for audiovisual clips online and compromising cloud servers that store audio information.
Apple’s voice recognition application ‘Siri’ has also faced several security issues. In 2011, a China-based hacker group managed to jailbreak the iPhone 4 and run a full version of Siri which allowed them to steal sensitive information from the users who installed the app.
In fact, researchers at ANSSI, the French information security organization discovered that ‘Siri’ could be remotely controlled by any person.
The weakness of biometrics undoubtedly remains fundamental by nature. However, it is being implemented as more than a secondary form of authentication to an extent wherein biometrics may soon completely replace the standard password authentication system – the question is how soon?