Identity Theft: How criminals hunt for biometric data

27 сентября 2016 года

Identity Theft: How criminals hunt for biometric data

Steal your digital IDs simple. All biometric data anyway stored in digital form and transmitted through communication networks. If they suddenly find themselves in hackers hands, the problem is much more serious than intercept credit card numbers or passwords from online banking. The card can be blocked and to issue a new password to change, but the compromised biometric data - it's for life.

What is identity theft 

The phrase "identity theft" - this is not quite correct tracing from the English identity theft. In fact, it is theft "of identification" signs of man, because the person - it's character, emotions and experiences. Here we are talking about the fact that criminals could impersonate you. 
When it comes to biometrics, the first thing that comes to mind - a fingerprint. They are now actively used even in budget smartphones.
Other data copy is more complicated: it is the iris image, and voice characteristics, electromagnetic waves that generate the brain, and even then, as a man is typing on the computer keyboard (which fingers are used and with what force pushes on what how often the keys) - in combination they allow almost unerringly identify a person.
CTBC Bank (Taiwan) tests, for example, a new ATM machine that works without any cards. Instead, the system uses a scanning facial and pattern of veins.
TD Bank (Canada), together with Mastercard developed NFC-bracelet, which allows you to make contactless payments at any amount, identifying the user by a heart rhythm: to enter a PIN-code is not necessary, the bracelet works only if it is the owner.

Criminals imitate your voice   

Vulnerabilities Total votes: Modern technologies allow to simulate the tone of any voices simply writing original sample speech. Moreover, the computer can even synthesize it: try, for example, Bush-o-Matic - all introduced proposals can be reproduce George Bush voice.
Calling someone a dummy number, you can successfully impersonate another person. Criminals are willing to use this method to demand a ransom.
According to police, a popular method is: the apartment pensioners home phone (to make it more difficult to track number) receives a call. Criminals are submitted by police or traffic police, and then say, "Your son got in an accident and knocked the man he is now detained, but not to proceed with the case, we need a ransom (the reported amount of 20-100 thousand rubles)." Most importantly, after this tube pass "detained" and that is really saying, "Mother, help me, this is indeed the case," and his voice. 
Voice do like the voice of a son or daughter with a computer program, and telephone "eats" small flaws that could give a slight mismatch. The original voice of "son" is recorded in advance by calling him on his mobile phone.
Find out who is whose son is very easy with the help of the old (2000-2003) telephone database published on the Internet. As a rule, these people 30-40 years of age and older is still registered in one apartment with their parents. Moves pensioners seldom and landline prefer mobile. For redemption offender arrives directly in the apartment.

Hackers kidnapped fingerprints

Prints successfully copied half a century ago: silicone pads with the same pattern, as you have helped criminals to remain at large, "substituting" completely innocent people.
Today fingerprints easily "remove" with the help of a distance high-resolution cameras up to 6 meters, which has been successfully demonstrated in 2008 by German hackers: they printed fingerprint Minister of Internal Affairs of Germany, peresnyaty with a cup from which he drank at a press conference. Move them with a laser on silicon pads and take some action "on behalf of" official (for example, rob a jewelry store) - is simple.
Hack smartphone with paper fingerprint failed in August 2016 American expert on cyber security. The police asked them to help unlock the phone of the deceased man. His prints were in the police dossier, and made "artificial" finger on them.
Hackers do not even need physical access. Experts in computer security from FireEye spring of 2015 found a dangerous security gap that is associated with HTC One Max biometric sensors Android-smartphone, Samsung Galaxy Note 4, Samsung Galaxy S5 and Galaxy S6.
Created on smartphone image print it can be stolen by hackers and then used to access the name of its owner. 
However, as smartphones with a fingerprint mismatch save the images will eventually still have to enter a password to protect the reliability is exactly the same low, as in the usual password, and the sensor is needed only in order not to enter the password manually each time.

Drawing iris - it is reliable  

But the cases of mass hacking systems based on scanning the iris, in the new Samsung Galaxy Note 7 is not yet known.
However, experts predict that in the near future it will be done with the help of cameras ultra-high resolution (now there are modules in several gigapixel) mounted on the drones. Flying above the crowd, a drone cellphone sufficient for authorization as the eyes of several hundreds or thousands of people.