Threat actors are exploiting your biometric data: here is what they can do with it
The world of digital technology is evolving to become simpler, allowing users to access systems and secure devices using biometric scans. But providing biometric information can be inherently dangerous, with malicious hackers exploring new ways to get their hands on it.
From iris scans and facial recognition to fingerprint authentication, biometric technology is becoming widespread – and it has earned the reputation of being relatively safe. But threat actors are learning, and considering the high value of such data, they will start pursuing it more actively, according to the report by Intel 471. Here are the three main ways in which they can use it.
Stolen biometric data can be used for forging documents for property fraud, claiming financial benefits, illegal immigration, taking out loans, and more.
The report details an incident that took place in 2020, with two Iranian hackers proposing to sell biometric and other identification documents related to various countries, including South Korea, Spain, Sudan, Ukraine, and the United States.
“One actor advertised a package of 76,000 national codes and biometric national cards, including but not limited to drivers’ licenses, identification cards, passports, personal badges, and student identification cards,” the report reads.
The other threat actor offered 72,400 scanned Iranian identification documents, supposedly coming from Iran’s Ministry of Cooperatives, Labor, and Social Welfare. Attached screenshots showed evidence of national identity cards with biometric data and birth certificates.
Bypassing biometric protection
Existing vulnerabilities can be exploited to bypass biometric identification. Such data is often leveraged to make contactless payments or sign in to state websites, which can create serious problems.
In 2020, a potential attack vector was discovered through a vulnerability in Apple Pay, which could have been used by a threat actor to bypass biometric protection and make payments.
“The ‘replay and relay’ attack was leveraged to make an unauthorized contactless payment of U.S. $1,350 on Visa credit cards linked to an Apple Pay account while the phone was locked,” the report suggests.
Similarly, in 2021, a vulnerability allowing to bypass biometric protection was disclosed on Android devices and in Samsung Note20’s fingerprint scanner. Later that year, a vulnerability in the Windows 10 Hello facial recognition system came to light. It seemingly allowed to use spoofed images to bypass the verification process, but the risk was low due to the requirement of having access to a device with Windows 10. According to the report, there is no evidence that the mentioned vulnerabilities were exploited.
Imitating behavioral patterns
Although not as prevalently discussed, bypassing behavior-based anti-fraud systems can cause almost as much harm as more technical attacks. According to Intel 471, bypassing such identification is commonly discussed between cybercriminals.
“An actor has claimed some banks implemented random forest algorithms to reduce the cost of a popular digital identity subscription service. This less effective encryption contributed to the threat actors’s ability to reset behavioral pattern parameters and enter protected environments,” the report suggests.
As a result, the malicious actor managed to bypass the 2FA authentication by mimicking his twin brother’s behavior features, including keystrokes and mouse movements.
More from Cybernews:
Subscribe to our newsletter