Cybersecurity: Fingerprint Reader and sophisticated ransomware are new hacking threats

Cybersecurity: Fingerprint Reader and sophisticated ransomware are new hacking threats

A massive cyberattack that struck 300,000 computers in 150 countries earlier this month has begun to slow, but experts warn there is more to come — including the ability to hack fingerprint scanners and readers.

Stuart Okin, a senior vice president of product at 1E, a cybersecurity firm that helps companies keep software up to date, said “It is going to get worse before it gets better because we've becoming more reliant on technology. More sophisticated attacks will be hard to prevent.'

The latest hacking threats were WannaCry, a type of ransomware, and Adylkuzz, malware that takes over computers and servers to solve complex math equations that mine, or create, virtual currencies like Bitcoin. Ransomware encrypts the computer files and demands payment to get them decrypted.

Each malware is known as a worm, malicious software that spreads from connected computer to computer without the user needing to click on a link or download a file.

According to Steven Grossman, vice president of strategy at Bay Dynamics, a cybersecurity analytics company “Currently, these threats are targeting businesses and organizations, but consumers may also be targeted threats. The best protection is to buy software from reliable sources, install updates, and use anti-virus and firewall software, and back-up.”

Grossman told CNBC, 'I don't think I would ever advise anybody to pay a ransom, but the reality is if you're worried about losing your family photos, losing your financial information, and you have no backups, you may be in a difficult situation and try to pay it,'

You may think your fingerprint is unique, but hackers may be able to use vulnerabilities in smartphone fingerprint readers.

Researchers for New York University's (N.Y.U.) Tandon School of Engineering discovered masterprints, digitally altered fingerprints that could match many people's fingers.

Professor Nasir Memon of N.Y.U. Tandon said, 'If I have this glove or fake hand with these master prints on it then I can unlock say 25 to 40 percent of phones.'

Here is how it works: While each fingerprint is unique, the researchers said most smartphones only use small partial prints, which make the sensors easier to fool.

'When you take a small part of it, the uniqueness tends to go down,' Memon said.

Complicating the problem, according to Memon, is that most smartphones store multiple prints of various fingers, and give you a few tries to unlock.

'It's as if I don't have to get in through one window, but 30 windows. Any one of them is left open, I'm in. To a security person, that's a problem,' he said.

The team has yet to test the research on a real phone, but instead has used computer simulations. 

Four of the masterprints that will match many fingerprints, according to N.Y.U. Tandon School of Engineering researchers.

According to Apple's Touch ID Security website, 'as every fingerprint is distinct, it is very rare to match even a small section of two separate fingerprints. The probability of this happening is 1 in 50,000 for one enrolled finger, which is much better than the probability of guessing a typical 4-digit passcode.'

According to online guidelines of Google's latest Android software, the fingerprint sensor, 'MUST have a false acceptance rate not higher than 0.002 percent.'

Professor Memon still uses a fingerprint on his own smartphone, despite his research.

'Fingerprints are very convenient. It's so nice that I just pick up a phone, I just put my finger on the start button and boom it unlocks,' he said. However, he advised caution when using fingerprints for banking and large financial transactions.

Experts believe that using a fingerprint is better than using no lock on your smartphone.

Bay Dynamic's Grossman said 'It's a matter of balancing security and convenience. How many locks do you want on your front door versus how much inconvenience do you want it to be when you enter?'

Also Read: How to protect yourself from WannaCry ransomware

Last updated:3/20/2018 12:22:19 AM


Leave Comment