After working for more than a decade on hands-on research projects in biometrics recognition technology, I decided to quit because biometrics recognition is inherently probabilistic and can NOT yield deterministic 'yes/no' results in authentication like text passwords and PINs.
- Moreover, biometrics spoofing technology has progressed at an alarming pace.
- There are so many other problems of biometrics recognition!
Many inconvenient questions about biometrics remain unanswered!
- Is the security-lowering biometrics recognition fit to be used for KYC?
- Why biometrics companies are hiding the security-lowering traits in public statements? Maybe, they invested too much money, so they can't come back and discard the business just because the technology is faulty!
- Why the mainstream news media are not making the facts public? Maybe, they got money from the biometrics companies, including the big tech corporations that promote biometrics because they have stakes in the biometrics business!
- Why have most governments in the world adopted biometrics despite biometrics being a security-lowering authentication system? Maybe, they are allies to the big tech corporations promoting biometrics!
- Why the banks and some cryptocurrency payment systems adopted biometrics as a parallel authentication factor? Because, they know biometrics can create problems, and thus passwords/PINs remained the default authentication system!
There is no doubt that biometrics recognition in banking and cryptocurrency payments may create catastrophic problems!
Aadhaar is a broken digital identity project in India that uses biometrics!
-
Adopting biometrics as an authentication factor made Aadhaar a pain for Indian citizens! They lose money almost every day from their bank accounts!
-
Daily, poor citizens lose money from their bank accounts due to fraudulent Aadhaar Enabled Payment System (AEPS) transactions authenticated by fingerprint spoofing.
We may call it Aadhaar-enabled biometrics theft and biometrics spoof based banking fraud.
Unfortunately, Aadhaar has been causing plenty of harm to Indian citizens, such as fraudulent banking transactions and money withdrawals through Aadhaar-enabled Payment System (AePS), biometrics theft, and fingerprint spoofs.
Citizens face frequent errors in Aadhaar's biometric authentication system due to high false rejections and false acceptances.
Biometrics is a security hole in every authentication system that adopted it.
Biometrics makes the Worldcoin crypto project inherently security vulnerable.
Biometrics is inherently probabilistic and hence unreliable and lowers the security of authentication of humans.
-
As a result, biometrics technology makes the Worldcoin crypto project inherently security vulnerable.
-
In my humble fifteen-plus years of hands-on research investigations in different biometrics modalities, I consider the biometrics crypto project Worldcoin a big mistake.
If the biometric data are stolen or hacked?
The biometric database may be leaked or stolen, as in the case of the Aadhaar project in India. Then, the biometric signatures in that database are in the hands of the criminals. They can make use of that data. They can try to create duplicate biometric objects for use.
Duplicate fingerprints created on thumb like objects can be used to fake as real thumb
The high-resolution pictures of fingerprints can be utilized to synthesize artificial thumb-like objects made up of rubber with exact copies of the 3D fingerprints.
Not only that, the rubber thumbs can also be equipped with an electronic vibrator that can pass the liveness sensor of the fingerprint sensors.
Face images may easily be grabbed/stolen from the social media
Face images are abundantly available on social media. So criminals don't need any special trick to hack face images. Face images may also be captured remotely from public places.
Even a 3D face shape may also be sensed and reconstructed from suitably captured multiple face images The stolen face images and 3D printed face mask may be used to beat the face recognition systems. Reports show that it is indeed possible to break the face recognition tests. Security researchers used 3D face musk to crack the 3D face ID of iPhone X.
Iris images may be extracted from HD images of faces for spoofing
It has been shown by a security researcher that high-resolution prints of face images can give an optimum resolution of iris images sufficient for spoofing iris recognition systems.
Samsung Galaxy S8 iris scanner has been defeated by a group of German hackers. Here, an artificial eye is created using a print of the eye and a contact lens, which is used to match the curvature of the eye. So, the iris recognition system may easily be fooled by faking iris images.
Are the behavioral biometric traits safe and secure?
Behavioral biometrics, such as voice and speaker recognition systems, may appear as safe.
HSBC Bank tried voice recognition as security in 2016 which failed miserably.
Behavioral biometrics, such as voice and speaker recognition systems, may appear as safe. However, research reports say that mimicry attacks may act as threats to voice and speech recognition.
News Source: BBC
You can view the video clip of how one of the twin-brother couples logged in to his brother's HSBC bank account, accessed funds, and executed a financial transaction. The voice of one brother broke open another brother's account by mimicking his brother's voice. Any expert voice mimicry artist probably can do it for several account holders!
The future of digital identity is not as simple as the industry projects
- A section of the FinTech industry is aggressively speaking for a "biometrics-only" system. Several use cases are being researched and tested with biometrics as passwords.
Some results are positive because biometrics technology is improving.
- But the biometrics spoofing technology is also improving at an alarming rate.
- Newer and more innovative spoofing systems can break almost every type of biometrics including iris scans, 3D face ID, or palm vein patterns.
The only remaining technology is brain wave-based biometrics.
However, brain wave sensing technology has not at all matured enough for reliable human identification and authentication.
But, biometrics recognition is probabilistic, and can't yield deterministic "yes/no" results like text passwords.
------------
About me
I am a researcher and contribute to the overlapping areas of STEAM (Science, Technology, Engineering, Arts, and Mathematics). I am an active user and promoter of GNU/Linux, free and open-source software. I develop cybersecurity and information security solutions, specifically graphical authentication security.
Cheers!
Text Copyright © 2025 Debesh Choudhury — All Rights Reserved
Join me at
YouTube, Twitch, CashRain, Odysee, LinkedIn, Twitter, Publish0x, ReadCash, and Facebook.
Earn passive income by sharing unused Internet bandwidth with Grass and Honeygain.
Cover Image: I created a cover using my texts and a copyright-free image from Pixabay.
All other images are either drawn/created/screenshots by myself or credited to the respective artists/sources.
Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, business, or investment. Please do your research before you adopt any options.
Unite and Empower Humanity.
biometrics cryptocurrency banking security spoof authentication digitalidentity
Tuesday, March 18, 2025
