News

Security consultant questions effectiveness of biometrics

August 1, 2002

LAS VEGAS -- Biometrics, the security technology based on various physical identification characteristics, is flawed due to the ubiquitous nature of the human body, a security consultant told officials at the BlackHat USA 2002 security conference on Aug. 1.

Dr. Richard Smith, a security architect who has worked with the National Security Agency, said it was easy to design fake physical attributes that would fool biometrics systems. Biometrics software can scan fingerprints, the iris, or human faces to verify identification. The software has been proposed for airport security devices and some kiosk projects.

"Biometrics aren't secrets, they're properties of your body that you slough off all day long, when you're eating lunch, or driving your car, or opening the door," Smith told the conference, according to PC World.com. As a result, counterfeiters have significant access to individual biometric information

Smith cited several examples of how biometric systems have been cracked. In one instance, a Japanese researcher who created fake fingerprints in less than an hour with $10 in materials. In another, German researchers were able to fool fingerprint, facial, and iris scans through a variety of simple processes.

Smith said biometrics remained a useful security measure, but needed to work in partnership with other devices such as password- or PIN-based applications, not as a single unit.