For years, television and movies have suggested that the future of computer security lies in biometrics. How many films have you seen where someone has used their fingerprints or a retinal scan to open up a bank vault?
Of course, for every time you saw this in a movie, chances are you also saw someone chopping off a finger as a way to gain illegal access to the same vault. Hollywood may have made this seem extremely dramatic and violent, but the reality is that these biometric scanners can actually be hacked and it only takes about $45 worth of household items to do so.
For years now, cell phones have featured security devices such as passwords and PINs (Personal Identification Numbers). When these were introduced, hackers upped their game and developed software that could run brute force attacks and generate multiple passwords until they could stumble upon the right one and have access to your phone. Then, cell phone developers came up with the idea of using biometrics. The concept behind this is sound: a human’s fingerprint is much more individual and specific than a random series of letters or a four-digit passcode.
Sadly, once again hackers have stepped up to find a way around these measures. Using a pen, glue, and some other household supplies, a thief can make a copy of your fingerprint. Once they have this, they can unlock your phone by replicating your finger on the biometric scanner.
If you think this is the stuff of movies, please realize that a German security firm has already successfully shown that this is feasible. In fact, the savvier banking apps which use facial recognition software were also able to be hacked using a simple picture of the phone owner’s face captured off of Facebook or Twitter.
Voice recognition software can also be fooled by making a recording of your voice and then using software that can duplicate you saying whatever the pass-phrase is for that app. Recently, Apple unveiled the iPhone X that claimed to have the most accurate facial recognition software on the market. This has already been hacked by a Vietnamese security firm using 3-D modeled masks for around $150, a relatively small price to pay for access to someone’s entire bank information.
For some, this might be considered an inconvenience, the loss of personal pictures or emails. But remember, your personal information can be used to figure out things like bank record or email passwords, which can make you the victim of identity theft. The truly scary part is that many of us now use our smartphone for personal banking. If a thief can break through the biometric scanner, then they can have access to all of your personal data including your checking and credit card accounts.
For now, most banks and phone developers have not directly addressed these new low-tech hacks. They point out that the act of going through all of this is very time consuming and requires so many parts of a con that it’s not worthwhile for a thief to utilize. However, this is still something that consumers should be aware of and they should take great pains to make sure that their smartphones don’t wind up in someone else’s hands.