Unified Biometric System in Russia is not secure enough

Biometric Systems are becoming a popular way of protecting user data in Russian Federation. However, identification by unique physiological parameters does not give one hundred percent protection against hacker attacks.

In 2018, Russia adopted a Law on the creation of a Unified Biometric System.The Law allowed credit institutions to use Biometrics for remote customer identification. From the point of view of information security, this sounds dangerous..

There are three ways to identify a person's identity. First, you need to make sure that a person knows some secret (such as, a code word or PIN). This is the most common and inexpensive in the implementation mechanism. The second way is to verify a ownership of a unique thing (such as, a smart card, a key or a barcode). This is a more reliable and more expensive way of authentication. The third way is to check that a person has some unique physical, biological, physiological or behavioral characteristics (such as, fingerprints or the iris of the eye).

The third method is no longer the most secure way of identification due to hacking capabilities. It became known that hackers own technologies that allow, by recording the voice or video of any person, to synthesize his speech or impose his face on another video recording.

We believe that it is necessary to strengthen the protection mechanism of Biometric System. Hacking the System will undermine confidence in the whole System of Biometric identification in Russia. At the moment, 60% of Russian citizens are willing to provide their Biometric personal data, if this will enhance the protection of their car from theft.

from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2NnQnYu