Biometric Bypasses Highlights Necessity For AI Smarts In Security

As someone who is at best clumsy when it comes to typing on a touchscreen, I am a big fan of fingerprint scanners or any other form of biometric security that unlocks my phone without the need to tap in a PIN.

So much so that prior to using the fingerprint scanner on my Samsung Galaxy S6, I was happy to simply have my iPhone 4S PIN-free, with access to my photos, contacts and other personal details a mere ‘swipe to unlock’ away.

Basically, despite writing about cyber security, I was a deeply unsecured.

Now that basically every new smartphone on the market comes sporting some from of biometric security feature, the smartphone I use, the Google Pixel XL, is far more secure than previous handsets in my possession.

Bypassing biomentrics

But, as white hat hackers keep highlighting, biometric security is simply not infallible.

German hacker collective Chaos Computer Club have proved that on several occasions, having bypassed Apple’s Touch ID on its more recent iPhones, and found a method that makes tricking the iris recognition security feature on the Samsung Galaxy S8 seem relatively trivial to any phone thief willing to invest a little more time into how to approach pilfering modern smartphones.

Things get more worrying when we move out of the smartphone world and into other areas of biometric security, such as voice recognition for telephone banking, which turns out is not beyond being breached if you happen to have a twin sibling handy.

This situation is rather concerning given the biometrics are often touted as being more secure than PINs or passwords. After all there are some people who are fairly sharp at catching a glace at four digit PINs or finding Post-It notes scattered around with password written on them.

I would argue that while biometrics are certainly not super secure, they can certainly work in tandem with PINs and shouldn’t be dismissed due to the action of some smart hackers known for their biometric bypassing prowess.

But the situation does raise questions around how we can really secure our products and data.

My knee-jerk reaction would be to advise people to be a little more savvy; keep you phone in a pocket or bag that’s not easy for pickpockets to pick and watch out for unknown people who happen to be staring a little to intently at your phone over your shoulder.

Yet beyond the use of the sadly uncommon common sense, I am lead to wonder how future phones, devices and systems will be secured in the future given how current techniques seem to still contain ways to breach them.

My bet is artificial intelligence (AI) will play a role; clever algorithms will learn a person’s specific visual characteristics, voice patterns and phone behaviour in conjunction with other biometric data like fingerprints to decide if the person trying to access a system or smartphone is indeed the person authorised to do so.

Detractors of AI and smart systems may not like this idea, and there will certainly need to be ways to ensure the development of such AIs is done in a fashion that aids people’s daily lives rather than hinder them, but I can seen no way for a single security technique to be made 100 percent robust without having some form of smart service pulling together multiple sources of data to approve or rebuke access to private machines and systems.

And hopefully a AI to handle security would also make access to devices feel more seamless, avoiding the need to tap in PINs, find awkwardly placed fingerprint scanners, and remember complex passwords.

I’m not saying that development of better biometrics should be abandoned, but I for one would like to see some tech companies experiment with AI when it comes to security, rather than leave such smart software as a mere virtual assistant to badger with often innane questions.

Do you know all about biometric technology? Take our quiz!