The Economic Times
12,128.90-119.35
Stock Analysis, IPO, Mutual Funds, Bonds & More

The dark side of biometric authentication: Hackers using malware to steal fingerprints & sensitive data

Biometric data has eased the burden of remembering passwords, but is it truly safe?

, ET Bureau|
Dec 13, 2019, 06.57 PM IST
0Comments
iStock
With biometric passwords gaining currency, the burden of recollecting complex password combinations has reduced.
With biometric passwords gaining currency, the burden of recollecting complex password combinations has reduced.
The use of biometric data for authentication is not new. Fingerprints, Iris scans, facial recognition, and voice-based identification are all used as substitutes for the humble password. With more services moving online, the human brain is now burdened with storing more than a dozen passwords - alphanumeric codes that serve as tokens of admission to the digital world.

With biometric passwords gaining currency, the burden of recollecting complex password combinations has reduced. This has inadvertently made biometric data a valuable commodity on the grey market, a master key that can pick any lock. And hackers have been queueing up, if data collated by Kaspersky is to be believed.

The cybersecurity firm found that 37 per cent of computers that had Kaspersky installed faced at least one attempt of malware infection in Q3 2019, aimed at extraction biometric data. Some of these malware attacks, which used techniques like phishing (5.1 per cent), ransomware (1.9 per cent), Trojans (5.4 per cent), and Trojan bankers (1.5 per cent), were repelled. The findings were published in a report by Kaspersky ICS CERT.
Biometric access has become an integral part of most workspaces in both public and private sector firms.
Biometric access has become an integral part of most workspaces in both public and private sector firms.

“Our research shows that the existing situation with biometric data security is critical and needs to be brought to the attention of industry and government regulators, the community of information security experts, and the general public.

“Though we believe our customers are cautious, we need to emphasize that infection caused by the malware we detected and prevented could have negatively affected the integrity and confidentiality of biometric processing systems. This is particularly the case for databases where biometric data is stored, if those systems were not protected,” said Kirill Kruglov, senior security expert, Kaspersky ICS CERT.

Biometric access has become an integral part of most workspaces in both public and private sector firms, be it for maintaining attendance logs or for securing access to classified files. However, hackers have been keeping pace with developments in encrypting biometric information, putting at risk authentication systems that use this technology.

The report found that the internet remains the main source of threat, followed by localized actors. Threats emanating from the internet were blocked on 14.4 per cent of all biometric data processing systems, including phishing websites and web-based email services. Removable media devices accounted for 8 per cent of all attempts to distribute worms that download spyware and remote-access Trojans after infecting a computer.

Security, Messenger, Artwork: Apps For Parents To Stay Connected With Their Kids

of 7
Next
Prev
Play Slideshow

Super Apps For Superheroes

15 Jun, 2018
When work takes the jet-setting father halfway around the globe, these applications make sure the little one never feels separated. (Text: Rajarshi Bhattacharjee)
Next


Comments
Add Your Comments
Commenting feature is disabled in your country/region.

Popular Categories


Other useful Links


Copyright © 2020 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service