Data Driven Futures

Biometrics Institute warns of innovative spoofing

Written by Hannah McGrath
29/08/2019

The Biometrics Institute has warned of the risks of hackers spoofing identification technology with 3D face masks or fake silicone fingerprints.

The independent body for public and commercial users of biometrics stated that such data could be obtained either directly or covertly from a person online or through hacked systems and used to attack a biometric system through the creation of fake identification.

A biometric spoof that is detected when presented to a biometric sensor is known as presentation attack detection. The specific detection of whether a sensor is viewing a live biometric - as opposed to a recording, picture or another non-living spoof - is commonly known as its liveness.

A new guidance document issued by the institute outlined the heightened risk of spoofing attack for those involved with biometric technology operations, explaining that attackers might use a printed photo, an image or video of a person on a tablet, or even present a 3D mask or fake silicone fingerprint.

The document is the result of consultation with the Biometrics Institute Security and Integrity Expert Group (BSIEG), which comprises a broad spectrum of security and authentication specialists from around the globe.

Isabelle Moeller, the Biometrics Institute’s chief executive, said: “Spoofing attacks pose a high security risk for those involved with biometric technology operations, so mitigating the risk and understanding presentation attack detection better is a priority for our members and stakeholders.”

Ted Dunstone, head of the BSIEG, explained: “When it comes to good practice in biometrics, testing for vulnerabilities and accuracy, alongside privacy and IT security, are key areas for review – seriously considering the risk of a presentation attack and devising appropriate countermeasures is highly recommended.”