The Biometrics Institute has released a guidance document called “Top 10 Vulnerability Questions” to its members and key stakeholders which is designed to clarify frequently asked questions about the spoofing of biometrics.The guide focuses on “fake biometrics” issues such as a case earlier this year where fingerprints were allegedly captured from a distance with a high resolution camera.”We have been following the research of fake biometrics very closely and with great interest,” said Isabelle Moeller, chief executive, Biometrics Institute, “most recently claims have been made that you can steal fingerprints with only a camera as presented at the Chaos Computer Club Conference in Germany in December 2014″.The BI asks in the document if examples such as this really have practical utility for hackers or other criminals, terrorists.”Even if it is possible, the question remains if it is worth the effort required compared to other traditional ways that security can be breached, for instance by stealing passwords?”The Top 10 Vulnerability Questions guiding document will also address questions such as whether a biometric can be stolen, what mitigation may be considered and what to do should this ever happen.It was designed to demystify some of the regular headlines around biometric spoofing, but more importantly, it will serve as a discussion paper for the Biometrics Institute members and stakeholders to raise awareness about the importance of vulnerability assessments and that mitigation is available.”The Biometric Vulnerability Assessment Expert Group (BVAEG) – a subcommittee of the independent Biometrics Institute – consists of many of the most experienced experts in this area from around the world,” says Dr Dunstone Head of the BVAEG of the Biometrics Institute.”The BVAEG mission is to raise awareness of the need for vulnerability detection to be included with biometric devices, to promote standards, enhance privacy protection, performance measures and testing, and to help facilitate the dissemination of new research or findings in this area.”Biometrics can provide a higher level of security than pins and passwords but as with all security measures, biometrics have vulnerabilities that need to be addressed, notes the BI.
Biometrics Institute tackles spoofing in new guidance
