Charlie’s Angels, James Bond or Ethan Hunt could not have done it any better. British researcher Matthew Lewis recently unveiled a mechanism that captures fingerprints used for secured access in doors and computer systems. And he did not even have to dodge bullets or wear prosthetics to do it.
Biometrics is the study of methods for distinctively recognizing humans using one or more fundamental physical or behavioral qualities. Perhaps the most popular form of biometrics is fingerprint recognition technology, which is slowly gaining use in laptop computers, smart cards, and employee identification.
Lewis, who works for Information Risk Management, demonstrated his proof-of-concept device during March’s Black Hat Amsterdam conference. The researcher believes that despite biometrics’ reputation as a suitable replacement for, rather than a mere supplement to, existing security protocols, it will soon serve as a bane for users and companies alike.
With the device, dubbed a biometric keylogger, or biologger, Lewis demonstrated how he was able to use a man-in-the-middle laptop to intercept unencrypted transmissions between a certain access control device and a back-end server. Using a certain algorithm, he was able to reconstruct an image of a fingerprint that can be used to unlock computers or building doors. Furthermore, he was able to issue commands to the access control device, such as adding new users with full administrative privileges, without using a valid fingerprint ID.
Despite some limitations in his study, Lewis was pretty clear in his message that biometrics is not the immaculate end-all solution that people may perceive it to be. So long as biometric technology and its surrounding infrastructure are vulnerable, the threat of biologging looms on the horizon. The surprising indication that biometric data is travelling unencrypted should be a worrying item on developers’ to-do lists. True to Isaac Asimov’s words, good Hollywood science fiction is indeed based on real science.