Biometric authentication is often presented as a completely safe way to protect your devices and privacy. But experts warn that hackers can steal biometric information in various ways, including by using your social media posts, and researchers at NordVPN found 81,000 hacked digital fingerprints on Dark Web forums. Moreover, your fingerprints and face aren’t supposed to change, so if they are stolen in an attack, your identity might be compromised forever.
“It is fair to say that biometric data is more secure than most types of authentication, such as passwords. But all recorded data is hackable. Moreover, you can change compromised passwords, but losing biometric data is already a serious issue. That makes biometric information a valuable target for cybercriminals, and hacking of this type of data becomes a popular way of identity theft,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.
The Internet Might Be Full of Your Biometric Data
There are more than 20 different types of biometric data, such as fingerprints, face, or voice. Every type of biometric information could be compromised in several different ways. One common, long-established method of stealing fingerprints is placing a skimmer on ATMs or other machines with fingerprint scanners. The skimmer collects fingerprints, which are then used to create fake versions that could give access to devices or private information.
Although skimmers are still in use, they are an old-fashioned way to steal biometric data. With the rise of deepfake technology, biometric hacking has become much more sophisticated but, at the same time, more accessible for cybercriminals. In a biometric spoofing attack, hackers compromise a secured system by exploiting users’ selfies, photos, and videos from social media to create fake identifiers such as a face, a voice, or even fingerprints.
“While we are the owners of our own faces and voices, we are not the only ones with access to them. Over the years of being active social media users, people left so much biometric data that with the current capabilities of artificial intelligence to create deepfakes, it becomes a weapon against our privacy. Only this time without our initial consent,” says Warmenhoven.
Biometric data used to unlock a device is not easy to obtain because it is usually stored on the device as encrypted binary code. But opening apps with biometric data, or allowing them to use it, is not always a safe solution. Sometimes users hand over their biometrics without knowing who the app’s developers are or how they use the collected data.
Even when biometric data is stored on the server or cloud of a reliable app developer, it is much more vulnerable than data kept on the device, because there is always a risk of a data breach. Moreover, biometric data can be intercepted in transit between the user’s device and the storage.
How to Protect Your Biometrics from Cybercriminals
To protect yourself from biometric hacking, Adrianus Warmenhoven advises these preventive measures:
- Think carefully before you opt to use biometric data. Just because the option is available doesn’t mean you always need to use biometric authentication. Before you allow a new app to scan your fingerprint or face, be discerning about when and where you share your biometric data, and consider the reputation of the company asking you to use biometrics for authentication.
- Use biometric data for multi-factor authentication, along with strong passwords. Two-factor authentication (2FA) or multi-factor authentication (MFA) raises your level of security.
- Use a VPN. A VPN can help secure your internet connection and prevent third parties from intercepting any biometric data you transmit.