Authentication with biometric data intuitively appears extremely secure to the user, but biometric authentication is full of poisoned traps and deadly pitfalls.
Some general risks (not complete; add more points if you like):
- If the digital fingerprint is stored anywhere in a central database, then fingerprints can be faked by generating a blueprint from it.
- Same story if the fingerprint is transmitted somewhere.
- Even if stored only on local devices, unencrypted or with reversible symmetric encryption, biometric data such as fingerprints and eye scans are a great risk.
The only method of storing and transmitting biometric data is to never store it in plain form or reversibly encrypted. We all remember good old Unix single-system auth (/etc/passwd, /etc/shadow) and crypt(3), don't we? Non-reversible encryption!
Well, that's exactly what we need for all biometric data.
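An added sketch of crypt(3)-style storage for a fingerprint (not code from any sensor vendor or from the original post). Two readings of the same finger never match bit for bit, so a plain hash would reject the legitimate user; the sketch therefore uses a fuzzy commitment with a toy repetition code and stores only a salt, helper data and a one-way verifier. The fixed-length bit-list template and all names are assumptions.

```python
import hashlib
import hmac
import secrets

REP = 5        # each key bit is repeated REP times (toy error-correcting code)
KEY_BITS = 32  # toy size; the template must be KEY_BITS * REP bits long

def _kdf(key_bits, salt):
    # Salted, slow and one-way, in the spirit of crypt(3)
    return hashlib.pbkdf2_hmac("sha256", bytes(key_bits), salt, 100_000)

def enroll(template):
    """Build the record to store; the template itself is never stored."""
    assert len(template) == KEY_BITS * REP
    key = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    codeword = [bit for bit in key for _ in range(REP)]
    # Helper data = codeword XOR template. With this toy code it still leaks
    # which template bits inside one group are equal; real schemes use
    # stronger codes and a proper feature extractor.
    helper = [c ^ t for c, t in zip(codeword, template)]
    salt = secrets.token_bytes(16)
    return {"salt": salt, "helper": helper, "verifier": _kdf(key, salt)}

def verify(record, probe):
    """Recover the key from a noisy probe by majority vote, then compare hashes."""
    noisy = [h ^ p for h, p in zip(record["helper"], probe)]
    key = [int(sum(noisy[i:i + REP]) > REP // 2)
           for i in range(0, len(noisy), REP)]
    return hmac.compare_digest(_kdf(key, record["salt"]), record["verifier"])

def flip(bits, positions):
    """Constructed sensor noise: flip the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def demo():
    template = [secrets.randbelow(2) for _ in range(KEY_BITS * REP)]  # constructed
    record = enroll(template)
    same_finger = flip(template, {3, 48, 101})  # one wrong bit in three groups
    too_noisy = flip(template, {0, 1, 2})       # majority of one group is wrong
    return (verify(record, template), verify(record, same_finger),
            verify(record, too_noisy))

if __name__ == "__main__":
    print(demo())
```
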
Example of currently used hardware for fingerprint sensors (Google Pixel 3)
When taking a short look at currently used biometric fingerprint sensors (case study: my Google Pixel 3, which broke on icy ground), we see some sensors with ICs like that:
Android fingerprint hardware (no matter whether from a high-end Google Pixel or the cheapest Huawei) isn't really top high-end technology for biometric fingerprints.
Mostly, they are based on something similar to the MIKROE-4265.
There are many different biometric scan devices, from fully integrated hardware with its own Windows drivers and software, like the Kensington VeriMark Desktop Fingerprint Key K62330WW,
up to more hardware-driven devices like those at ELV.de: https://de.elv.com/search?sSearch=fingerprint
Case study: "digital government" from Austria
https://play.google.com/store/apps/details?id=at.gv.oe.app
https://apps.evozi.com/apk-downloader/?id=at.gv.oe.app
https://apkcombo.com/apk-downloader/?q=at.gv.oe.app
To be continued...