Circumvention of biometrics by intruders

Source: https://cobaltstrike.net/2022/03/10/circumvention-of-biometrics-by-intruders/

Digital technology keeps evolving and becoming easier to use, allowing users to access systems and secure devices using biometrics. However, providing biometric information can be inherently dangerous: malicious hackers are looking for new ways to get hold of it.

According to an Intel 471 report, one of the three main methods used by hackers is document fraud. Stolen biometric data can be used to forge documents for real estate fraud, obtaining financial benefits, illegal immigration, obtaining loans, etc.

In 2020, two Iranian hackers offered to sell biometric and other identification documents related to various countries, including South Korea, Spain, Sudan, Ukraine and the United States.

“One of the hackers offered a package of 76,000 national codes and biometric national cards, including driver’s licenses, identification cards, passports, personal passes and student identification cards,” the report says.

Another attacker offered 72,400 scanned Iranian identification documents allegedly received from the Ministry of Cooperatives, Labor and Social Security of Iran.

The second way is to bypass biometric protection.

Existing vulnerabilities can be used to bypass biometric identification. Biometric data is often used to make contactless payments or log in to government websites, so such bypasses can create serious problems.

In 2020, a potential attack vector was discovered through a vulnerability in Apple Pay, which could be used by an attacker to bypass biometric protection and make payments.

“The ‘replay and retransmission’ attack was used to make an unauthorized contactless payment in the amount of $1,350 on Visa credit cards linked to an Apple Pay account, while the phone was blocked,” the report says.

Similarly, in 2021, a vulnerability was discovered that allows bypassing biometric protection on Android devices and in the Samsung Note20 fingerprint scanner. Later that year, a vulnerability was identified in the Windows 10 Hello facial recognition system. Apparently, it allowed the use of fake images to bypass the verification process, but the risk was low due to the requirement to have access to a Windows 10 device. According to the report, there is no evidence that the mentioned vulnerabilities were exploited.

And the third way is imitation of behavioral models.

Although circumvention of behavioral fraud protection systems is not often discussed, it can cause almost as much harm as more technical attacks.

“Some banks have implemented random forest algorithms to reduce the cost of subscribing to the popular digital identification service. As a result, such ineffective encryption helped the attackers reset the parameters of the behavioral model and penetrate into the protected environment,” the report says.

As a result, the hacker managed to bypass two-factor authentication (2FA) by simulating the behavior of a twin brother, including keystrokes and mouse movements.
