If you’ve grown comfortable with fingerprint scans or facial recognition as your go-to security measure, it might be time for a rethink.
A recent study by NordVPN unearthed a concerning figure: 81,000 fingerprints for sale on dark web platforms. What makes biometrics a double-edged sword is the fact that, unlike passwords, you can’t change your fingerprint if it’s compromised. It’s forever.
While biometrics are lauded for their security, NordVPN’s cybersecurity specialist, Adrianus Warmenhoven, cautions, “No data is entirely unhackable. Biometric data has become the new goldmine for cyber offenders, leading to a surge in identity theft based on these details.”
The investigation by NordVPN highlighted 20 different biometric identifiers. The frontrunners in popularity? Fingerprints, facial structures, and vocal patterns. Each, however, has its own set of vulnerabilities.
Skimming, a classic technique where devices are placed on ATMs or fingerprint scanners to capture unsuspecting users’ prints, is just one method. But as technology evolves, so do the methods. Deepfake technology, which uses images and videos from an individual’s online presence, can now craft fabricated versions of faces, voices, and even fingerprints, hoodwinking even the most robust authentication systems.
“Our faces and voices belong to us, but we aren’t the sole possessors of this data,” Warmenhoven observes. “With years of sharing on social media platforms, and advanced AI’s capability to generate deepfakes, our very identity might be weaponized against our privacy.”
Now, while the biometric data on your gadget might be encrypted and safe, there are other vulnerabilities. Malicious apps, if given access, can hijack this data. Even trustworthy apps pose risks if they store your biometric data on their clouds or servers, as cybercriminals could potentially gain unauthorized access. The data journey from your device to these servers isn’t immune either – savvy hackers could snag the data mid-transmission.
Warmenhoven’s advice? Be discerning when an app asks for biometric access. He champions the use of two-factor authentication (2FA) or multi-factor authentication (MFA) combined with robust passwords. Additionally, employing a VPN can stave off attempts by cyber rogues to snatch data as it’s being transmitted.