Monday, September 30, 2013

What's worse than finding a worm in your Apple?


... you know the joke :). Why did Apple let us see half a worm in the iPhone 5S?

"A day after the iPhone 5S hit the streets, a group of hackers in Germany said they have bypassed the biometric security on Apple's new Touch ID fingerprint sensor by using "easy everyday means"." CNET, Steven Musil, September 22, 2013

Doesn't this defy the whole concept of biometric authentication? Going half way with biometric authentication is a disaster waiting to happen. No one biometric sensor stands by itself against hacking! There must be other factors in the equation in order to balance for the false acceptance nature of an individual biometric sensor and replay attacks. Be it Iris scan or Fingerprints, FingerVain or PalmVain scan, Behavioral, Face recognition or Speaker verification, there are false accepts and false rejects.

While false rejects need to be kept to a level bearable by users, insuring satisfactory user experience, false accept can't be left as a stochastic number. Like passwords and PINs, Touch ID is a stationary target. While the claim is "no two are exactly alike," the Apple iPhone 5s: About Touch ID security is misleading. There can't be a 100% guarantee that two fingerprints aren't alike at the output of a biometric sensor. Even if that was feasible, recording and replaying is a relatively easy course of attack for fingerprint sensors. If a target is stationary, it is just a matter of time until it is compromised.

Run soldier, run, bend, fall to the ground, roll, jump, hide, be on the move - don't stay stationary or you'll be injured soon! We have learned this much as soldiers. Chinese philosopher, Sun Tzu, put it concisely “... let your methods be regulated by the infinite variety of circumstances.” The Art of War, written in China more than 2,000 years ago.

At VoiSafe, we are working hard to insure an "infinite variety of circumstances". We wrap biometrics with patent pending mechanisms against replay attacks. We make our biometrics moving targets. We make them move as fast as can be, so hackers won't be able to cope with the maneuvers.

This is interesting and will definitely change the way businesses and individuals are going to combat log-in hacking and even, hacking in general.

Keep monitoring us @voisafe; a time not wasted, in search for a safer and easier log-in solution and making what matters more secured than ever before.


Dror Bukai,
CEO & Co-founder,
VoiSafe Biometrics
www.voisafe.com




















Posted by at
Labels: , , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)