That the latest Samsung Galaxy Note 7 mobile phone comes with an iris scanner marks the next step in biometric technology, it’s claimed. Vendors are saying that biometric sensors improve both user experience and security of mobile devices. However, the reality is that with the rise in biometrics comes the need for enhanced security, according to David Emm, principal security researcher at the IT security product company Kaspersky Lab.
He says: “For instance, it’s not that hard to compromise another person’s biometrics, such as fingerprints and iris scans, and it can even be done remotely. A German biometrics specialist, Jan Krissler, who had risen to fame after hacking Apple’s TouchID, recently discovered how to copy iris and fingerprints from high resolution photos.
“Furthermore, biometrics requires the need to maintain a huge base of biometric data and associated personal details. Therefore, any security breach resulting in leakage of this information could have much more serious consequences than the theft of, for example, a password: after all, we can change a weak password, but we can’t change a compromised fingerprint or iris scan.
“Over the next few years we can only expect the use of biometric technology to increase in response to security concerns with existing methods of authentication – for example the dangers inherent in weak and/or recycled passwords. At the same time, we can also expect to see the biometric trend move up to the next level – in particular the development of bio-hacking.
“Clearly, biometrics aren’t a security panacea. In the end, multi-factor authentication is critical – using biometrics alongside passwords or another means to verify your identity. This would mean combining more than one item from something you know, something you have and something you are to verify your identity.”
For more about the Galaxy Note 7 visit http://www.samsung.com/uk/consumer/mobile-devices/smartphones/galaxy-note/galaxy-note7/security/.
John Fernandez, Senior Legal Counsel, PPRO Group, said: “Samsung’s Galaxy Note 7 boasts iris recognition technology and provides interesting opportunities for mobile banking. Compared to knowledge-based authentication, biometric solutions such as Samsung’s offer more robust security and will prove an attractive proposition to issuers in the fight against fraud. It will certainly stimulate more interest in biometric authentication and increase competition amongst other market players to develop and offer similar solutions. Add that to a greater ease of use for the consumer and over time we will continue to see a gradual adoption of biometric authentication across the financial landscape.
“However, this new technology doesn’t come without risks. Security challenges exist on the data storage side – if there is a data breach and a user’s biometric data is stolen, it can’t simply be changed like a password, which would lead to serious long-term issues for the affected party. Therefore, preventing the risk of such breaches and convincing tech-savvy customers that data is held in as secure a manner as possible will be key to widespread adoption of the technology.”
And Charles Read, Regional Director of UK, Ireland and Benelux at OneLogin, said: “Biometrics have been an interest for enterprise IT for some time and it seems the newer authentication methods are now becoming mainstream. Yet as biometric methods continue to become more popular, the questions over their security remain. Biometrics may be more convenient for consumers but as the legal and privacy implications evolve, the related security risks with using this form of access need to be considered.
“It turns out this new wave of biometric techniques puts consumers at a new kind of risk. Users can easily mitigate password hacks by simply changing passwords. The hack of a fingerprint or iris scan, however, can lead to a lifetime of problems for consumers, as a person can’t change their fingerprint or facial geometry. The best thing to do for those looking to ensure the security of their products and consumer data should be to use biometrics as an additional layer of authentication as part of a wider Identity and Access Management (IAM) strategy.”