Futuristic eye-scanners and voice-activated doors aren't just the stuff of Hollywood spy thrillers. We can now unlock devices with our faces and thumbprints; biometric technology is the new normal. It’s often presented as the easiest and safest way to protect a smartphone or a high-security location. After all, no one can steal your fingerprints…right?
Perhaps it’s not so simple. Have we really considered the implications of storing and using biometric data? It may be convenient, but is it safe?
Biometric identification is a system that helps recognize a person based on their unique physical features. In this article, we'll be referring to those features as “biometric data”.
There are over 20 unique identifiers including fingerprints, facial features, and vocal characteristics. We’ll look at these and others in more depth later on.
Biometric technology is used to authenticate an individual’s identity. This is already a feature in many personal devices, but it’s also employed for additional security in highly-restricted areas. Governments and corporations are turning to biometric authentication to protect both physical and digital locations.
Regardless of who is using them, all biometric security systems will contain three key elements:
The process of authentication is quite simple; let’s take the example of a smartphone with a fingerprint sensor. When setting up the biometric security system, you provide your fingerprint and your device stores this data for future use. Now, before accessing the phone, the system will compare your fingerprint with the one on its database. If they match, you can unlock your phone.
Below is a list of the most popular biometric identifiers and how the authentication works in each case.
Hollywood movies depict biometric data as a virtually impenetrable defense. The criminals in these fictional stories often have to resort to using a victim’s severed finger or eyeball to bypass security.
Of course, the reality is far less macabre. Criminals don’t need to chop anyone's limbs off to get around biometric sensors. Still, these representations are indicative of the misconceptions that many people still have. Let’s dispel some of the myths that persist around this subject:
It is not. You upload selfies to the internet, you’re filmed on the street, and there are hundreds of documents that contain your signature. Most of the popular biometric identifiers like your voice, face, and fingerprints can be extracted remotely. If you use social media, all of these physical features may be completely accessible to criminals through your photographs and videos.
You might own your fingerprints and your voice, but you're not the only one who has access to those uniquely personal elements.
It's true that the biometric data you use to open apps and unlock devices is not easily obtainable. In most cases, it's stored as encrypted binary code rather than image files. However, a simple rule applies here: recorded data is hackable data. There's no doubt that cybercriminals want your biometric data, and have ways and means of obtaining it — and these methods will only become more sophisticated as time goes on.
Biometric authentication can seem like a modern evolution of the old-fashioned password but it’s far from impregnable. In 2014, hacker Jan “Starbug'' Krissler proved this when he used photographs to recreate fingerprints from the now president of the European Commission, Ursula von der Leyen. With these 2D images, he was able to unlock her smartphone. You know what could have prevented the hack? A password. Nevertheless, biometrics can greatly improve your security as one layer in multi-factor authentication.
Let’s leave hackers aside for a moment; there are plenty of other reasons to be concerned about widespread biometric data use.
For one thing, there’s corporate abuse. Private companies, like facial recognition startup Clearview AI, scrape the internet for facial images and then sell the data to the highest bidder. Over 2200 organizations — including universities, law enforcement agencies, and supermarkets — use Clearview AI’s 3 billion-photo database, without any accountability or oversight.
Compounding the problem is the fact that biometric identification isn't always reliable. The New York Times recently highlighted the case of a black man from the US who facial recognition systems misidentified. This technical error resulted in the man facing real jail time.
Then there was a 2018 incident in Australia. Police there tried to identify potential criminals following a football match, and their facial recognition tech misidentified 92% of those profiled. “No facial recognition system is 100% accurate under all conditions,” a police spokesperson explained. Worried? Well, you should be.
Biometric data seems to be here to stay, and its use will only grow more prevalent in the future. However, a security-first mindset and some common sense could still help you protect yourself from the negative repercussions of this tech.
Want to stay up-to-date with the latest cybersecurity news? Subscribe to our newsletter below!