Take a look at your fingerprint; does it whorl, loop or arch? Your fingerprint is unique; not even identical twins have the same fingerprints, which is why fingerprints have been used as a crime-solving tool for decades. More recently, technology has been using your fingerprint to prove your identity to access your workplace and smartphone, but with a massive data breach identified last week, what happens when your fingerprint is stolen?
Science-fiction films are filled with plots where high-security areas are accessed using a fingerprint scanner, sometimes through clever copying means and sometimes by removing the finger from the victim!
This is the fascinating world of biometrics – systems designed to identify people either through unique physical characteristics, such as facial features, fingerprints and iris patterns, or by the way they behave, such as how they walk, sign their name or type on a keyboard.
Over the past decade, smartphones have become incredibly smart. Not only do they house a camera, a map and more computer processing power than we sent to the moon, but many also house at least one of these sci-fi-worthy biometric scanners.
Although saving a direct image of your fingerprint is the simplest way to hold the data, it is not the safest. Ideally, after your fingerprint is scanned, secure software will protect the fingerprint information by hashing it, a one-way transformation that turns the image into a string of characters from which the original is almost impossible to recover.
This hashing system, although much safer, is not used by all systems, and this week Israeli security researchers found the fingerprints of more than one million people on a publicly accessible database. In addition to the actual unencrypted fingerprint images, they found 27.8 million records with 23 gigabytes of data, which included facial recognition information, face photos of users, usernames, passwords and other personal information. This is concerning as many systems require two-factor security where a fingerprint is required in addition to another security question. However, storing all of this data together meant that the researchers were able to collect multiple pieces of security data on an individual.
The system they hacked is used in 1.5 million locations across the world, yet most people probably have no idea how vulnerable they are when they use these technologies.
This recent research shows the need for consumers to take an interest in new “convenient” technologies and check that the systems they are using are encrypted end-to-end before giving away their personal information.
Password hacking happens all the time, and many of the large technology corporations have admitted to their customers that usernames and passwords have been stolen. The challenge is that, unlike your internet password, your fingerprint or your face cannot be changed once it is stolen, so there is nothing you can do to make it secure again.