New Book Asserts Biometric Security Is Not Hack-Proof

Global strategist Marc Goodman writes biometric security will offer many advantages, but will increasingly become a target for cyber espionage.

WASHINGTON – The rising deployment of biometrics for identity authentication and other applications will lead to increased efforts by hackers to breach the systems with potentially dire consequences, according to a new book titled, Future Crimes: Everything Is Connected, Everyone Is Vulnerable, and What We Can Do About It.

Author Marc Goodman, a global strategist who spent two decades in law enforcement and advising more than 70 countries on transnational cyber risk, purports biometrics are not as safe or foolproof as the public is led to believe. If the future of identity is all about biometrics, he writes, then the future of identity theft will involve stealing and compromising biometrics. Thieves and scammers are already hard at work circumventing these systems, Goodman asserts.

RELATED: Confronting the Cybersecurity Challenge

In an excerpt from the book posted on Slate.com, Goodman mentions the work of Tsutomu Matsumoto, a security researcher at Yokohama National University. Matsumoto has devised a method allowing him to “take a photograph of a latent fingerprint (on a wineglass, for example)” and re-create it in molded gelatin. The technique is good enough to fool biometric scanners 80% of the time. Hackers have also used every day child’s Play-Doh to create fingerprint molds good enough to fool 90% of fingerprint readers, Goodman writes.

Goodman cites research by Gartner that estimates 30% of companies will be using biometric identification on their employees by 2016. Goodman also provides examples of biometrics already in use for commercial applications, such as gym-goers at 24 Hour Fitness locations who are encouraged to use their fingerprints for identification at the chain’s clubs. Patients at New York University’s medical center don’t have to carry their insurance cards any longer since the hospital has enrolled more than 125,000 individuals in its PatientSecure system, which uses a specialized biometric scanner to measure the unique vein patterns in the palm of the hand as the primary means of identification.

While there are tens of millions of victims affected by identity theft, it is possible to get a new credit card or even Social Security number, Goodman writes. But when your fingerprints are stolen, there is no reset. They are permanent identification markers, and one snagged by hackers is out of the victim’s control forever. When your gym, mobile phone company and doctor all have your biometric details and those systems become hacked – as they undoubtedly will – remediation of the problem will prove much more difficult, if not impossible, writes Goodman.

RELATED: Integrators Meet Cybersecurity Challenges Head-on at New PSA Security Network Event

Yet governments and businesses are trying to persuade the public of the superior safety and security offered by biometrics. Still other proponents of biometric security argue it is inherently more secure because fingerprints are an immutable physical attribute that can’t be altered by criminals.

Goodman mentions criminalities that dispute such claims, including the case of 27-year-old Chinese national Lin Ring in 2009. Lin paid doctors in China $14,600 to change her fingerprints so that she could bypass the biometric sensors used in Japan’s airports by immigration authorities. In order to sneak back in, she paid Chinese surgeons to swap the fingerprints from her right and left hands, having her finger pads regrafted onto the opposite hands. The ploy worked and she was successfully admitted. It was only weeks later, when she attempted to marry a 55-year-old Japanese man that authorities noticed the odd scarring on her fingertips. Japanese police report that doctors in China have created a thriving business in biometric surgery and that Lin was the ninth person they had arrested that year for surgically medicated biometric fraud.

Click here to read the excerpt in full on Slate.com.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters