Having a password on our devices to keep our data away from prying eyes has been a part of personal tech for a very long time. But the age of passwords and pins is shifting to biometric security – that is tech that can recognize your face, voice, DNA, fingerprint, and other physical features that make you, you. Biometrics in everyday tech has really been around since Apple first showed off Touch ID in 2013, and since then, the global market for mobile biometrics has grown to over $14 billion. Nowadays many aspects of our lives can be controlled by biometrics. Nearly half of people have authenticated a payment with biometrics, most won’t use banking apps that lack biometric authentication. Over ¾ use biometrics to unlock their mobile devices, whether they be phones, tablets, or even tablets. People use biometrics as compared to traditional passwords and pins because they feel it is easier to use and more secure.
But biometric security goes beyond just physical identifiers, though physical identifiers are a big part of biometrics. Physical identifiers, such as fingerprints, facial features, retinal patterns, and vocal and speech patterns can all be spoofed relatively easily, but biometrics go beyond that. Biometrics can even identify who you are by your device usage patterns, the angle in which you hold your phone, how often you check your social media accounts, and even finger movements and gestures.
Hollywood makes hacking biometrics look easy. In Diamonds Are Forever, Sean Connery uses a fake fingerprint to fool a scanner. In Sneakers, Robert Redford hacks voice recognition with a tape of the passphrase and in Gattaca, Ethan Hawke bypasses a DNA scan with a drop of blood. With how easy biometrics seem to be able to crack, how does Hollywood stack up to reality?
Before we get to how to crack biometrics, we first have to understand what makes biometrics hard to hack. Biometrics are much more time consuming to hack as compared to hacking regular traditional passwords and pins. Biometrics are also much more difficult to hack without being noticed, and creating a fake requires a huge amount of user data. Finally, biometric tech has yet to be standardized, making each device requires its own special approach to hack it. With all of these added security benefits in biometrics, how are they still being hacked?
Fakes to fool biometrics have been done, but some are easier to fool than others. BKAV, a Vietnamese cybersecurity firm, cracked Apple’s Face ID using a mask made with a 3D printer, silicone, and paper tape. Some Android devices can be tricked with just a photo – including devices from some of the largest Android manufacturers such as Sony, Huawei, and Samsung. The new Samsung S10 features a new ultrasonic fingerprint sensor which is meant to be harder to hack, but the sensor is easily fooled by a 3D printed fingerprint placed on top.
Find out the holes in biometric security and how they are being filled by manufacturers and software designers here.