Today our face, voice and fingerprints are becoming central factors in protecting a citizen's identity.
Whether through the readers built into each device or through software that is independent of the phone's hardware, it is already common to unlock an application with a fingerprint or by smiling at the camera. Myths have grown up around these new methods, and some clarifications are needed.
Fingerprint readers and facial recognition applications are proprietary systems of the phone, and so far no one can claim that the captured biometric data can leave the phone: they are designed to run, and to provide functionality, only within the device. While it is true that any mobile application developer can make use of them, access is given only to verify that the person who presented a fingerprint or is in front of the camera is indeed "one of the authorized users on the phone". Even so, the developer cannot guarantee the specific identity of the user.
Having clarified this point, there are also myths about accessing information through hacking techniques, either by impersonating the citizen who is the real owner of the device or by stealing biometric data, in many cases called "minutiae". It is key to address this issue from three perspectives:
Technological. Two internationally renowned companies, Apple and Samsung, had their biometric systems breached just days after launch, with techniques that mimic the owner or user enrolled in the system. In addition, the hardware of most devices cannot evaluate whether the fingerprint comes from a finger that is alive or from a mask, a doll or a video in 4K resolution, since it captures images in two dimensions (2D).
Transactional. To define the risk level of such an implementation correctly, it is necessary to evaluate the type of transactions to be authorized with this identity authentication method, the functionalities provided to the user and which modifications of personal, confidential and proprietary data it will allow.
Impact. Once the recognition system, whether fingerprint or face, is breached, however, the impact is much lower than you might think, as the breach only grants access to the most common phone transactions, usually associated with very personal behavior.
The main goal of this kind of implementation is to prevent large-scale attacks and the theft of biometric or confidential data, or of libraries with billions of faces from all over the world.
About VU: VU (http://www.vusecurity.com) is a company specializing in the development of cybersecurity software, with a focus on fraud prevention and identity protection. Its mission is to deliver frictionless and secure digital experiences for both citizens and companies. It is the only company in the region aligned with international best practices in authentication, and a member of FIDO Alliance, OATH and OIC. Founded in 2007, it has offices in Argentina, Chile, Uruguay, Ecuador, Colombia, Costa Rica, Mexico and Peru.
Author: Sebastian Stranieri