Whilst biometric authentication represents stronger security, it is still not proof against all attacks. Whilst trusted biometric technology is rolled out extensively, the personal nature of data derived directly from the human will become the new target for hackers. Europol released a report teaming up tech experts with practitioners, warning of the potential exploitation of biometric identification systems.
With the threat of deepfakes and presentation attacks, law authorities should be aware of the ways newly installed systems can be compromised. Unlike passwords which can be reset, biometric data is very personal and permanent, meaning it needs to be protected securely for instance with homomorphic encryption to prevent its theft.
Once stolen, biometric identifiers can not be changed.
“It is important to realise that biometrics from one system, containing weak data, may be used to attack another system. Therefore, any theft of biometric data may increase the threat for other biometric systems, regardless of how secure they might be themselves”.
Whilst the use of biometrics is heavily regulated in law enforcement, authorities should follow recommendations to raise awareness of biometric vulnerabilities, monitor the threat landscape and develop counter-measures in biometric recognition technologies.
