A new study shows the dangers of stolen or leaked biometric data. Trend Micro warns that exposed biometrics pose a serious authentication risk for a variety of digital scenarios, including the metaverse.
A large amount of biometric data is published on digital platforms every day. These include facial, voice, iris, palm, and fingerprint patterns that can be used to fool authentication systems. Images and audio content posted daily on social media and messaging platforms, news sites and government portals become valuable assets for cybercriminals. A new study by Trend Micro wants to draw attention to these dangers and stimulate a dialogue in the IT and IT security community about how such risks can be avoided.
Stolen or leaked biometric data
There are numerous attack scenarios that show how threat actors can use stolen or leaked biometric data. For example, personal data can be used to create deepfakes and even influence polls or elections. Cyber criminals also have the ability to authenticate fraudulent transactions, fake accounts, or online purchases.
In addition, connected devices such as virtual or augmented reality (VR/AR) headsets pose a threat. Manipulated by threat actors, they serve as a tool to bypass authentication systems. After all, anyone who is able to pretend to be a real person can easily gain access to online banking accounts, cryptocurrency transactions or highly sensitive company data.
Authentication is exploited
Biometrics play a much more important role today than they did a decade ago. Technological advances also open up new ways for threat actors to exploit them:
- Quality of the data: Higher resolution of smartphone cameras, support of 4K videos and high-resolution images by media platforms, the cloud, data mining and artificial intelligence or machine learning (AI/ML) functions lead to an increase in risk.
- Public safety: Surveillance cameras can track people based on facial recognition algorithms. These are trained using data uploaded by users to social media.
- Individual security: The data can also be used for identity theft or deepfaking, particularly of public figures, or for government surveillance.
- Attacks on accounts: While financially motivated misuse of this data is relatively rare today, its magnitude will increase over time as authentication barriers continue to fall.
“The use of biometrics is widely advocated as a safer and simpler alternative to passwords. However, unlike passwords, physical characteristics cannot be easily changed.", explains Udo Schneider, IoT Security Evangelist Europe at Trend Micro. "So a compromise has long-term effects on the user. A hijacked profile therefore has similar consequences as gaining full access to a PC today.”
More at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.