Friday, October 2, 2015

Fingerprints stolen? - Sounds weird but it happened. Now. have you thought of the consequences?



Nice one from my all time favorite Security Guru


From the article:
The news from the Office of Personnel Management hack keeps getting worse. In addition to the personal records of over 20 million US government employees, we've now learned that the hackers stole fingerprint files for 5.6 million of them.

There are three basic kinds of data that can be stolen

  1. The first, and most common, is authentication credentials.
  2. The second kind of data stolen is personal information
  3. The third - Biometric data



The problem with biometrics is that they can't be replaced. So while it's easy to update your password or get a new credit card number, you can't get a new finger.

And we really don't know the future value of this data. If, in twenty years, we routinely use our fingerprints at ATM machines, that fingerprint database will become very profitable to criminals. If fingerprints start being used on our computers to authorize our access to files and data, that database will become very profitable to spies.

Not every use of biometrics requires the biometric data to be stored in a central server somewhere. Apple's system, for example, only stores the data locally: on your phone. That way there's no central repository to be hacked. And many systems don't store the biometric data at all, only a mathematical function of the data that can be used for authentication but can't be used to reconstruct the actual biometric. Unfortunately, OPM stored copies of actual fingerprints.

For More info:

No comments:

Post a Comment