blog.area23.at - a simple url encoder/decoder

 a simple url encoder/decoder
 http://blog.area23.at

Labels

Wirtschaft (139) Österreich (108) Pressefreiheit (89) IT (70) code (42) Staatsschulden (37) EZB (27) Pensionssystem (15) music (3) France (1)

2022-01-06

Risk of collecting biometric data

Authentication with biometric data intuitively appears extremely secure to the user, but biometric authentication is full of poisoned traps and deadly pitfalls.

Some general risks (not complete, add if you like more points)

  1. If the digital fingerprint is saved anywhere in a central database, then you can fake fingerprints, by generating a blueprint.#
  2. Same story, if the fingerprint is transmitted somewhere. 
  3. Even, if stored on local devices unencrypted or reversible symmetrically encrypted, than biometric data as fingerprints, eye scans, are great risks.
 

Some general risks (not complete, add if you like more points)

The only method of storing and transmitting biometric data is to never store them plainly or reversible encrypted. We remember all good old unix single system auth (/etc/passwd, //etc/shadow) and  crypt(3), do we? Non-reversible encryption!

Well, that's exactly what we need for all biometric data.

Example of current used hardware for fingerprint sensors (Google Pixel3)

When taking a short look at currently used biometric fingerprint sensors (case study from my on ice ground broken google Pixel3), we see some sensors with ICs like that:




Android fingerprint hardware (no matter if from high end Google Pixel or cheapest Huawei) aren't really top high end technology for biometric fingerprints.
Mostley, they are based on something similiar like MIKROE-4265 
MIKROE-4265

There are many different biometric scan detvices, from fully integrataed hardware with  own windows drivers & software like; Kensington VeriMark Desktop Fingerprint Key K62330WW

Kensington VeriMark Desktop Fingerprint Key, K62330WW

up to more hardware driven devices like at ELV.de; https://de.elv.com/search?sSearch=fingerprint


Case study: "digital gouvernement" from Austria

Digitales Amt biometrische Auth

https://play.google.com/store/apps/details?id=at.gv.oe.app
https://apps.evozi.com/apk-downloader/?id=at.gv.oe.app
https://apkcombo.com/apk-downloader/?q=at.gv.oe.app







To be continued...

Keine Kommentare:

Kommentar veröffentlichen