The market for biometric data systems is expected to grow from its 2019 value of 33.0 billion to 65.3 billion by 2024. What’s driving this rapid growth? Biometrics are being incorporated into more consumer devices. Government agencies are finding new applications for biometric identifiers. Enterprises are looking to biometrics to improve data security, and the technology is even beginning to play a role in the automotive industry.
With growing adoption comes a growing concern regarding biometric data security. Just how safe are biometrics, and what happens if hackers gain access to data with far more permanence than a password?
Key Biometric Data Types
Biometric data is unique to an individual, making it more reliable than passwords and other traditional methods of access control. Although fingerprints are the most well-known form of biometric authentication, identifiers may also include:
• Photo or video for facial recognition
• Physiological traits, such as hand geometry or ear recognition
• Voice recognition
• Signature identification
• Typing or navigation patterns on computers and devices
• Overall patterns in how users engage with technology
• Physical movements, such as nuances in the way a person walks
Advanced biometrics, such as brainwave scanning, are still being explored but haven’t yet hit the mainstream. Other methods, such as DNA, are more difficult to use for basic authentication purposes but have useful applications in some circumstances.
Biometric Security Technology Use Cases
The prevalence of biometric identification in everyday situations has made it almost second nature for consumers, business owners and professionals across industries. New use cases continue to appear as the technology expands and accuracy increases.
Biometrics are currently being used in:
• Law enforcement, particularly for forensic analysis and suspect identification
• Military monitoring and campaigns
• The travel industry, including passport verification and airport security
• Employee management
• Healthcare, including access to personal records
• Voter registration
• Physical access control systems for secure buildings
• Identity and access management at the enterprise level
• Financial institutions, particularly to protect financial data and prevent fraud
Potential Risks of Biometric Authentication
In light of increasing prevalence, it’s vital to understand the limitations of biometric security. Every authentication solution has flaws; therefore, biometrics must not be thought of as the final solution for data protection.
Companies and organizations seeking to implement biometrics or already using biometric identifiers should be aware that:
• Impostor attacks can exploit the inherent false acceptance rate of biometric devices to allow unauthorized access
• Spoof attacks using a replica of an authorized user’s biometrics can result in account compromise
• Poorly executed algorithms may cause higher false acceptance rates on devices like smartphones
• Tampering during collection may compromise data from the outset and prevent legitimate account access
• Insufficient security at any point during transmission or storage leaves data vulnerable
• Breaches can leak or compromise significant amounts of biometric data
Can Biometrics Be Hacked?
Breaches are perhaps the biggest disadvantages of biometrics. Because biometric data can’t be changed, any identifiers leaked in a breach remain connected to specific individuals. In the event a breach isn’t discovered for weeks or months, hackers could potentially use stolen biometrics to commit numerous malicious activities before getting caught. Perhaps more disturbing is the potential for hackers to identify and track the owners of stolen biometric data.
Vulnerabilities discovered in Suprema’s BioStar 2 security platform provide a clear illustration of how easy it can be for hackers to obtain biometric information. In 2019, researchers showed it was possible to infiltrate the BioStar 2 system and access over 27.8 million records. Fingerprints and face photos were among the identifiers readily available within the system. Whether such vulnerabilities exist in a third-party platform or an onsite security solution, hackers get easy access to some of the most personal information an individual possesses.
Protecting Biometric Data: Breach Prevention Strategies
Security practices can be tailored to minimize the risk of biometric data breaches. IT teams and cybersecurity professionals should focus on:
• Using secure passwords and strong authentication methods across systems and devices
• Storing biometric data in as few places as possible
• Maximizing security for biometric storage
• Encrypting all identification and authentication data during storage and transmission
• Maintaining proper system and device configurations
• Strengthening access rules for individuals who handle biometric data
• Removing biometric identifiers from systems when no longer needed
• Promoting security awareness among users
Businesses and organizations without dedicated security teams must consider bringing in top talent to handle any planned biometric implementation.
Because biometrics are integral to operations in numerous industries and consumer activities, a continued focus on security is vital. Businesses and organizations relying on biometrics need to understand the technology doesn’t offer a fix for every potential security issue and can suffer from serious vulnerabilities of its own. Discernment, diligence and a robust approach to data security is required for successful adoption and application of biometrics in any use case.