Saturday, November 1, 2014

Biometric Insecurity

Judge Steven C. Frucci ruled this week that giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A pass code, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci's written opinion.

This is a very important strike against using Biometrics for security.  Use of biometrics for authentication may be OK, but security not.  A big problem is that most common users confuse the two.

The problem with using fingerprint or voice biometrics is that you leave samples of it everywhere you go. You leave your prints on glasses and door handles.  You leave your voice every time you use a phone and it gets recorded 'for customer satisfaction' reasons.  You leave a picture of your face every time you use a bank machine.  You leave your DNA whenever you use a hair brush. Any semi-savvy crook can lift it and use it against you and worst of all - You Cannot Ever Change It.

Once someone figured out how to impersonate your biometrics, that person can keep doing so forever and you cannot do anything about it, short of dying before he does.

Nowadays, banks and phone companies are starting to use biometrics for identification and authentication.  This is potentially a very bad development.

No comments:

Post a Comment

On topic comments are welcome. Junk will be deleted.