Take a look at your fingerprint; does it whorl, loop or arch? Your fingerprint is unique; not even identical twins have the same fingerprints, which is why they've been used as a crime-solving tool for decades. More recently, technology has been using your fingerprint to prove your identity to access your workplace and smartphone, but with a massive data breach identified last week, what happens when your fingerprint is stolen?
Science-fiction films are filled with plots where high-security areas are accessed using a fingerprint scanner, sometimes through clever copying means and sometimes by removing the finger from the victim!
This is the fascinating world of biometrics - systems designed to identify people either through unique physical characteristics, such as facial features, fingerprints and iris patterns, or by the way they behave, such as how they walk, sign their signature or type on a keyboard.
Over the past decade, smartphones have become incredibly smart. Not only do they house a camera, a map and more computer processing power than we sent to the moon, but many also house at least one of these sci-fi-worthy biometric scanners.
Rather than type in a four or six-digit number to access your phone, fingerprint access is quick and simple. It works by either using an optical in-screen scanner, which illuminates the finger for a sensor to grab a fingerprint image, or an ultrasonic sound wave scanner, which creates a 3D map of your finger. For some smartphones, fingerprint scanning is already out of date and facial recognition technology is the new unlocking and authorisation mechanism. Whichever one it is, after the hardware has created an image of your fingerprint, software is then used to upload and store the information. This is used to give you secure access to the content of your phone at a later date by comparing the old image with the current scan.
Although saving a direct image of your fingerprint is the simplest way to hold the data, it is not the safest. Ideally, after your fingerprint is scanned, secure software will protect the fingerprint information by hashing it, a one-way transformation that turns the image into a string of characters that is almost impossible to reverse.
This hashing system, although much safer, is not used by all, and this week Israeli security researchers found the fingerprints of more than one million people on a publicly accessible database. In addition to the actual unencrypted fingerprint images, they found 27.8 million records with 23 gigabytes of data, which included facial recognition information, face photos of users, usernames and passwords and other personal information. This is concerning as many systems require two-factor security where a fingerprint is required in addition to another security question. However, storing all of this data together meant that the researchers were able to collect multiple pieces of security data on an individual.
The system they hacked is used in 1.5 million locations across the world, yet most people probably have no idea how vulnerable they are when they use these technologies.
This recent research shows the need for consumers to take an interest in new "convenient" technologies and check that the systems they are using are encrypted end-to-end before giving away their personal information.
Password hacking happens all the time, and many of the large technology corporations have admitted to their customers that their usernames and passwords have been stolen. The challenge is that, unlike your internet password, once it's stolen there is no way of changing your fingerprint or your face, and so nothing you can do to make it secure again.