Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Fingerprint and facial recognition security vulnerabilities demonstrate the need for a different approach

by The Gurus
August 25, 2017
in Editor's News
Share on FacebookShare on Twitter

Aspect Software argues for a more nuanced and holistic approach to customer security in light of investigation into the vulnerability of fingerprint and facial security

A Daily Mail investigation into the strength of various technologically driven alternatives to the basic password has revealed the ease with which malignant actors can bypass these systems. According to Aspect Software, this affirms the need for organisations to approach their customer’s security with more nuance and from a more holistic perspective.

The investigation saw security consultants at Security Research Labs in Berlin successfully bypass an iPhone’s fingerprint sensor to enter the phone, and subsequently manipulate facial and voice recognition security systems on various banking apps to gain access to these apps’ functionality. This was not done with specialised equipment, but by using items that can be purchased on Amazon for less than £45.

Keiron Dalton, Global Program Senior Director, Aspect Verify, commented on the investigation and its implications: “With a little ingenuity and inventiveness, the much-heralded high-tech security measure of fingerprint and facial recognition were revealed to have some key vulnerabilities. These kind of security technologies do have benefits over conventional passwords, whose weaknesses are demonstrated by recent research from Aspect. We found that 88 per cent of customers who have experienced at least one fraudulent incident on their bank account in the last year recall needing to use some form of password or PIN to log in to their accounts.

“By contrast, the benefits of fingerprint and facial expression include ease of use and reduced vulnerability to basic social engineering, they are also open to rudimentary workarounds. For example, facial recognition technology usually looks for blinking as a way to ensure that it isn’t simply being shown a picture of the intended person. The security consultant, however, was able to simply bypass this by running a pen momentarily in front of the picture, creating a “blink” effect that fooled the system

“The bare truth is that the more parts of security that you leave on the customer’s side, the more friction you introduce into their experience and the more open you leave your system to gamesmanship and social engineering from malignant actors. This is why it is vital to have a system in place that verifies many angles of security from a holistic perspective without directly involving the customer,” he said.

Keiron concluded by talking about how organisations should approach security with more nuance: “The importance of multi-factor authentication in today’s multi-channel, digital world is well-documented, but too often this is confined to approaches that require the customer to intercede. There are subtler ways to introduce extra layers of security that doesn’t expose the system to social engineering. For example, publicly available mobile data can be used to help banks to step up authentication by determining variables such as geo-location of the user, call divert and SIM Swap detection. These sophisticated methods are less vulnerable to the kind of clever work arounds used in this case, and do not interfere with the customer experience.”

FacebookTweetLinkedIn
Tags: biometricsCybercybersecuritysecuritytechvulnerabilities
ShareTweetShare
Previous Post

Researcher spots uptick in WAP-billing Trojan-Clickers

Next Post

New Research Reveals 68 Percent of IT Organisations Have No to Modest Confidence to Manage Digital Threats

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information