If a hacker steals your password, you can create a new one, but if someone gains access to your fingerprint or iris data, you can hardly replace your fingers or eyes. However, a new study has shown promise with a technique that allows users to “update” their fingerprints, which could make us all safer online.
Concern about the security of using fingerprints instead of passwords has grown this month amid reports that scammers could extract close-ups of fingerprints from social media photos and “enhance them with AI”, said Money Wise. The criminals could then use the victim’s unique fingerprint ID to gain access to their accounts or launch identity theft and phishing attacks, although they would still need access to a physical scanner, like a smartphone unlock key, in order to use the cloned fingerprint.
It “sounds like the stuff out of spy novels or ‘Mission Impossible’”, Vyas Sekar, a professor at Carnegie Mellon University, told CBS News, but “in theory, it’s possible, especially if people are posting high-resolution images”.
Fortunately, a study in the International Journal of Computational Vision and Robotics has found that “irreversible identity theft” can be “largely avoided” by giving users a chance to “reset” fingerprints and other biometrics, said TechXplore.
The method is “similar to changing a password”, according to Knowridge Science Report. Rather than storing a person’s original fingerprint or other biometric information directly, it transforms their data into a protected version. To do this, it identifies unique features in a fingerprint image, such as distinctive patterns and points, and “uses mathematical methods to convert these features into a different form that is difficult to reverse-engineer”. The data is then “further scrambled and compressed” into a secure digital version.
In this form it can still verify a person’s identity, but the original biometric data is hidden. If the protected version is ever compromised, it can be “cancelled and replaced”. Even if hackers gained access to the stored information, the user would not be permanently exposed.
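As an added illustration (not the study's own method or code), the sketch below shows one well-known way to build a resettable template: a random projection seeded by a replaceable token, with only the signs of the result stored. The feature vectors, token values and matching threshold are constructed assumptions; a real system would derive the features from a fingerprint image.

```python
import hashlib
import random

BITS = 128  # length of the stored, protected template

def protect(features, token):
    """Project features through a token-seeded random matrix; keep only the signs."""
    rng = random.Random(hashlib.sha256(token).digest())
    template = []
    for _ in range(BITS):
        row = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(r * f for r, f in zip(row, features))
        template.append(1 if dot >= 0 else 0)  # magnitude is discarded
    return template

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def matches(stored, features, token, max_distance=BITS // 4):
    """Compare a fresh scan to the stored template in the protected domain."""
    return hamming(stored, protect(features, token)) <= max_distance

def constructed_features(label, dim=64):
    # Stand-in for extracted fingerprint features (constructed sample data).
    rng = random.Random(label)
    return [rng.gauss(0.0, 1.0) for _ in range(dim)]

def noisy(features, label, sigma=0.05):
    # A later scan of the same finger never reproduces the features exactly.
    rng = random.Random(label)
    return [f + rng.gauss(0.0, sigma) for f in features]

def demo():
    finger = constructed_features("alice-finger")
    rescan = noisy(finger, "rescan-1")
    other = constructed_features("bob-finger")
    old_token, new_token = b"token-v1", b"token-v2"  # hypothetical tokens
    stored = protect(finger, old_token)
    reissued = protect(finger, new_token)  # the "reset" after a compromise
    distance = hamming(stored, reissued)
    return {
        "genuine_accepts": matches(stored, rescan, old_token),
        "impostor_accepts": matches(stored, other, old_token),
        "old_vs_new_distance": distance,
        "old_template_still_valid": distance <= BITS // 4,
        "rescan_after_reset": matches(reissued, rescan, new_token),
    }

if __name__ == "__main__":
    print(demo())
```

The same finger enrolled under a new token yields a template that no longer matches the leaked one, while a fresh scan still verifies against the reissued template.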