The battle of biometric security coming in 2018

Friday, Dec 01 2017 05:48 PM

Fingerprint sensors first appeared in smart devices in 2007 and then gained momentum as a 4-digit PIN code replacement in 2013's Apple iPhone 5S. Hailed as the future of authentication by some, fingerprint's security weaknesses were quickly exposed by the children of sleepy dads, cats' paws and gummy bears. Still, the lure of convenience today and the promise of security tomorrow has analysts predicting that mobile biometrics will be a $50 billion dollar industry by 2022. Now, nearing the end of 2017, it seems that fingerprint's reign as the most tapped biometric is nearing an end as Apple adds Face ID to the iPhone X and drops fingerprint altogether. The real question is, however, can specialized biometric hardware really solve the password problem?

Apple isn't the only one heading down this path. Hardware makers Intel and Qualcomm are also hard at work on the next generation of 3D cameras for AR and, presumably, biometric security. But, just because a sensor measures depth, doesn't mean it's inherently secure for biometrics. Case in point: I recently purchased a Dell laptop with an Intel RealSense Camera test its facial recognition security feature. I was able to use a mannequin head to enroll and login easily - in fact, on my very first try. While the system does appear to require the user be three-dimensional, it doesn't require them to actually be human--a big problem.

In biometrics, the ability to measure the presence of uniquely human traits is called "liveness." Because a spoof can reproduce three-dimensionality for a sensor, biometrics must be able to determine whether the subject is truly human or risk being fooled. If used in a mobile app, this simple exploit could allow hackers to create fake user accounts without exposing their real faces to the camera. Financial institutions' anti-fraud departments are very troubled by this because new account onboarding, Know Your Customer (KYC) and anti-terrorism funding regulations are of critical concern.

by 

Christina (Mora) Parlay

Biometrics statistician and researcher