Biometrics – the science of using our unique personal characteristics to confirm our identities – is no doubt cool. The slick technology has captured our imaginations in movies like Minority Report, Gattaca, and National Treasure, to name a few. But these same movies also point out biometrics’ vulnerabilities.
In Minority Report, for instance, Tom Cruise bypasses the retinal scanners placed throughout the city by undergoing eyeball replacement surgery (drastic but effective). In Gattaca, Ethan Hawke uses the hair, skin, and blood of another human being to trick the frequently administered “gene tests.” And Nicolas Cage in National Treasure gains access to the Declaration of Independence by pulling a thumbprint off of a champagne glass and using it to bypass a fingerprint scanner.
Breaking through biometrics in real life
The guys on MythBusters wanted to try to break through a biometric system in real life. They successfully unlocked a door equipped with a fingerprint scanner. They first covertly stole a fingerprint of an authorized user, then re-created it using three different methods: latex, ballistics gel, and a photocopier. All three methods worked. (The key was licking them to simulate sweat.)
Facial recognition technology can be manipulated as well. Duc Nguyen demonstrated this at February’s Black Hat Conference in Virginia by waving a photo in front of the scanner. You can either take a picture yourself, or snag one off of a social networking site like Facebook. Quality and resolution don’t matter, says Nguyen. Simulate eye movement by moving the picture in front of the camera, and voilà, access granted.
It’s not always quite this simple, but you get the idea. No matter how high-tech the security system, it can be bypassed with enough time, money, or talent. We continue to create more advanced security measures, and hackers continue to rise to the challenge. It’s a never-ending game of cat-and-mouse.
Multiple security methods
Just because it can be bypassed, though, doesn’t mean we should abandon biometrics as a useful security measure. Pair the technology with strong password protection, for instance, to create a double layer of security. While a little more inconvenient for the user, dual-security measures give even the best hackers a run for their money.
Combining biometrics with token authentication offers even more security. For instance, a company could equip laptops containing sensitive information with fingerprint scanners, and supply employees with RSA SecurIDs that are matched to their unique fingerprints. To log in to the laptop, employees swipe their finger on the reader, and upon a successful fingerprint match, a tokencode is generated on the SecurID. They type in the tokencode to gain access.
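The fingerprint-then-tokencode login described above can be sketched as follows; this is an added example, not code from the original post or from RSA. It assumes the open RFC 6238 TOTP algorithm as a stand-in for SecurID's proprietary tokencode scheme, a toy minutiae-overlap matcher, and hypothetical names (`FingerprintToken`, `server_verify`, `THRESHOLD`).

```python
import hashlib
import hmac
import struct

STEP = 30        # seconds per tokencode window (assumption)
THRESHOLD = 0.8  # minimum minutiae overlap to accept a finger (assumption)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, a stand-in for the vendor's algorithm."""
    counter = struct.pack(">Q", max(now, 0) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def match_score(enrolled: frozenset, sample: frozenset) -> float:
    """Toy matcher: Jaccard overlap of minutiae points (real matchers are fuzzier)."""
    union = enrolled | sample
    return len(enrolled & sample) / len(union) if union else 0.0

class FingerprintToken:
    """Hypothetical token that shows a tokencode only after a finger match."""
    def __init__(self, secret: bytes, enrolled: frozenset):
        self._secret, self._enrolled = secret, enrolled

    def tokencode(self, sample: frozenset, now: int):
        if match_score(self._enrolled, sample) < THRESHOLD:
            return None  # factor 1 failed: no code is displayed
        return totp(self._secret, now)

def server_verify(secret: bytes, submitted, now: int, drift: int = 1) -> bool:
    """Factor 2: accept codes from the current window +/- `drift` windows."""
    if submitted is None:
        return False
    return any(hmac.compare_digest(totp(secret, now + d * STEP), submitted)
               for d in range(-drift, drift + 1))

# Constructed sample data: the secret is the RFC 6238 test key, minutiae are made up.
SECRET = b"12345678901234567890"
ENROLLED = frozenset((x, x * 3 % 17) for x in range(10))
GOOD_SCAN = frozenset(list(ENROLLED)[:9])  # 9 of 10 points: score 0.9
OTHER_FINGER = frozenset((x + 50, x) for x in range(10))

if __name__ == "__main__":
    token = FingerprintToken(SECRET, ENROLLED)
    code = token.tokencode(GOOD_SCAN, now=59)
    print(code, server_verify(SECRET, code, now=59))
    print(token.tokencode(OTHER_FINGER, now=59))
```

A copied fingerprint alone yields nothing here, because the tokencode depends on the secret held inside the token, and the token alone yields nothing without a finger that clears the match threshold.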
Of course, a system like this isn’t cheap, and it requires maintenance. It’s up to each individual or corporation to decide how valuable their data is, and how much time and money they should spend to protect it.