Proof that biometric authentication systems are not secure after over one million fingerprints leaked

Proof that biometric authentication systems are not secure after over one million fingerprints leaked

It’s well publicized that passwords are one of the weakest points of cybersecurity. And we couldn’t agree more.

But, did you know biometric authentication – identifying and authenticating individuals based on physical characteristics such as fingerprints or facial recognition – could be even more susceptible to cybercrime than using passwords?

It has been revealed this week thatover one million fingerprints and other sensitive data have been exposed by biometric security firm, Biostar 2. It’s not only fingerprints that have been stolen, but also photographs of people, facial recognition data, names, addresses, employment history and records of when they had accessed secure areas.

This latest cybercrime has exposed the vulnerability of biometric technology and revealed the potentially devastating consequences of a stolen physical identifier.

By its very nature, biometric profiles are inherently public. If a person has ever entered a place where there are public cameras, chances are that their face is on record somewhere; when they make a phone their voice may be recorded; and fingerprints are left everywhere a person touches.

Takethis example of EU Presidential candidate Ursula von der Leyen having her fingerprints recreated by a hacker using high resolution photos too highlight the weakness of fingerprint authentication. 

The previous narrative around biometrics is that it is an extremely secure method of authentication. But now we have the evidence that it’s not true – it’s just as hackable as passwords, if not more so. And once a hacker has a person’s physical identifier, they can easily gain access to an account that requires biometric authentication.

Most worryingly, the impacts of hacking biometric data can be far more devastating than having a password or credit card details stolen. False passports, legal documents or criminal records could be created If part of a user’s identity is stolen. 

And, a physical characteristic cannot be changed so once the biometric data has been breached, the hacker has it forever. A person’s eye or fingerprint can’t be replaced with a new one!

So if biometric authentication is even more vulnerable than using passwords, then what is a better, more secure option?

At Cyberus Labs, we have eliminated the threat of stolen credentials by deploying one-time code technology for complete security. Our products Cyberus Key and ELIoT Pro, stop one of the major threats to cybersecurity – the need for passwords between people, machines and devices – to provide ultimate protection to users, devices and data. 

By combining secure Human to Machine (H2M), and Machine to Machine (M2M) authentication and communication with lightweight encryption, our end-to-end cybersecurity solutions offers complete protection and peace-of-mind.

Cyberus Key is also universal and agnostic to circumstances, languages, lighting and any other environmental changes. With our authentication technology, you do not have false negatives or false positives that is commonplace with biometrics. Plus, the Cyberus Key one-time codes cannot be replicated, reused, or used for a different operation other than the one they were emitted to serve so they are ultra-secure.

So, to avoid becoming a victim of cybercrime, It’s time to move away from vulnerable passwords and biometric technology and come and find out more about our universal, easy-to-use and secure cybersecurity solutions. 

For more information about the privacy risks associated with biometric authentication, please also see our white paper.