Privacy
protection systems and securing phones and personal computers from the hands of
abusers have been a subject of continuous development for years, and with the
great development of biometric technologies in recent years, smartphone
manufacturers have resorted to taking advantage of these technologies to raise
the levels of protection systems in their devices to provide more security And
privacy for its users, instead of using passwords and fees to unlock and
operate phones and PCs, the majority of modern devices are now protected by
methods that use biometric authentication technologies such as fingerprints, iris
fingerprints and face prints.
These
technologies gave some comfort to users and also gave them a false sense of
absolute security and privacy. Are these security systems really devoid of
vulnerabilities? Do our phones provide absolute protection as we imagine? We
answer this question below.
What is biometric security?
The
concept of biometric security or secure access to information using biometric
authentication usually refers to those electronic devices, smartphones, and
software that are associated with sensors that measure certain behavioral and
biological characteristics of individuals, such as two-dimensional fingerprint
sensors for example, and these biometrics are used to identify people and users
in a way Automatically before unlocking and launching phones and apps to give
them secure access to control their phone’s data and information while
preventing other hackers and hackers from accessing it.
Biometric
authentication using fingerprints is the most popular biometric security
technology because it is less expensive compared to other methods. Among the 2D
fingerprint sensors, multispectral sensors are often a better option than
optical sensors despite being slightly more expensive as they have higher
accuracy and more reliable performance.
Biometric
authentication systems other than fingerprints use other biometrics such as
iris print, finger vein print, palm print, and face print. Iris fingerprint
systems are by far the most accurate, followed by palm venous fingerprint
systems. In order to understand how different biometric security methods work,
let us take as an example biometric authentication using the face print, which
is used by many smartphones today, especially the iPhone.
Biometric authentication using a face print
Apple,
which specializes in the design and manufacture of electronics and computer
software, was the first to add this feature to its smartphone products when it
launched its iPhone X on November 3, 2017, where the user feeds the phone's
artificial memory with one or several photos of the face through the front
camera, The device then analyzes it and uses its data to automatically identify
the user each time the phone is unlocked.
This
type of smartphone is based on its analysis of the user's face image on a
technology known as "3D face recognition", which may be very similar
to the game "Pin Art Toy", as the device extracts the distinguishing
features of a person's face (such as the curves of the eye sockets, the nose,
and chin) in which the shape of tissues and bones is clear so that it does not
change over time or even with the difference in lighting in the image and
converts it into algorithms, and the algorithm is a series of mathematical and
logical steps that aim to obtain a result through programming.
Each
time the phone scans the user's face in a 3D scan through the front camera, the
phone's algorithms compare the data extracted from the features of the person's
face with the data it has previously saved and if it matches it, the phone is
opened and turned on for that person.
The
accuracy and efficiency of the facial recognition process can also be enhanced
by combining 3D facial recognition technology with high-precision analysis of
skin texture, in which the phone extracts additional data using the front
camera in what is known as a skin fingerprint by measuring the distances
between facial lines and the shape of skin pores. The feel of the actual skin.
Facial
recognition technology was initially used in the fight against crime; To find
criminals, dangerous people, and suspects in crowds. After the events of
September 11, 2001, the US government used it to check the passports of
immigrants or travelers to it at airports, and then used by banks and banking
institutions in automated teller machines to protect the accounts and money of
customers, and then it was used later to combat election fraud in some
countries To prevent individuals from casting their electoral votes more than
once. In 2011, the social networking site Facebook added a feature that uses
the same similar technology that can identify the identity of people in photos
and suggest that the user tag their accounts when publishing the photos in
which they appear.
Do our fingerprints and faces fully protect our phones?
Now
back to our main question, which we already answered in the introduction to the
article, despite the great benefits of biometric authentication such as ease of
use and the convenience of being able to unlock and lock our phones using
fingerprints and faces instead of old security methods such as forgotten
passwords or the possibility of Access by other people other than the original
user, but these methods give the user a false sense of absolute security as
they have some gaps and weaknesses, and they may expose the user to several
problems that may prevent him from opening his phone smoothly at times, and the
following are the most important of these the problems:
Accuracy
Although
the probability of identifying the user using his biometrics such as
fingerprints and faces is rather high, the degree of accuracy has not yet
reached 100%, and there are still false acceptance or false rejection rates for
people, and each of these technologies can be individually affected by several
factors Factors and conditions such as ambient light and the cleanliness of the
sensor surface.
degree of privacy
Laws
and regulations in some countries such as the European General Data Protection
Regulation (GDPR) prevent any vital data of individuals from being kept in
central non-governmental databases as highly sensitive personal data, and then
phones keep this information to a limited extent in access cards by regulations
and laws If the device’s memory is erased, damaged, or this data is lost for
any reason, it cannot be restored and it is, therefore, difficult to restore
access and operation of the phone.
Biometric failure in some cases
Different
biometric technologies suffer from shortcomings in some cases. They fail to
retain a person’s fingerprint in the case of severely dry skin or skin tissue
distortion, for example, or fail to retain an iris print in some cases of eye
diseases, which means that there are few users Unable to lock and unlock their
phone using these methods.
Fraudulent access
Some
may sometimes succeed in unlocking and operating fingerprint-protected phones
by providing static images of the faces or fingerprints of these people, but
some systems overcome this by adding activity verification as an additional
mechanism so that the device verifies that the part of the displayed body of a
living person is present At the sensor and not for an image. Despite this, the
wrong people can still unlock the phone using the person's biometrics against
their will by placing the phone in front of their face or using the finger of
an unconscious person to unlock their phone.
Difficulty changing recorded biometrics
The
developers of biometric security systems are always keen to provide a data
encryption mechanism in smartphones to hide the data extracted from the
fingerprint, face print, iris print, and any other part of the body after
scanning so that it cannot be copied to protect it from hacking, but sometimes
hackers and hackers find Professionals have loopholes that allow them to
decrypt, access, and copy this data.
The
inability to change this data is one of the biggest problems with biometric
authentication systems that users may face. Often, a person can easily change
the password they use as soon as they discover that it has leaked to other
people, but if your biometric information has been compromised by professional
hackers, you will not be able to change it again. Unless your device is
equipped with additional high-precision scanning systems that can capture and
record more details of your biometrics.
Fortunately,
all devices that use biometric authentication add a backup key with which you
can disable the authentication system and return to using the passwords
registered to unlock and turn on the phone.
So what are the best ways to secure device and phone information?
The
aforementioned shortcomings do not mean that the protection of locking our
phones using fingerprints, face, or iris is permanently invalid, but they do
not provide a degree of 100% information protection so the best solution
remains to avoid keeping highly sensitive information on phones as much as
possible regardless of what The methods of protection used, and the use of
multi-factor authentication systems can provide a higher degree of protection
than a single-mode biometric authentication system.
Multifactor authentication systems
The
concept of Multi-Factor Authentication (MFA) refers to security systems that
rely on more than one pattern to secure the ability to access data or unlock
and turn on the phone, making it difficult for hackers or mischief-makers to
access the data as they will have to break into all of these patterns at once.
. The two-factor authentication system is the most popular type of multi-factor
authentication system, which combines two types of protection such as relying
on protection using a password and a security code sent in a short message via
e-mail or a pre-registered phone number or combining two types of protection
using measurements biometrics such as voiceprint matching and facial
recognition.
Summary
| Phone protection systems that rely on biometrics such as fingerprint, face,
or iris do not provide 100% protection from the hands of abusers for several
reasons, the most important of which are:
● Biometric techniques used in phones are not 100% accurate and
there are still possibilities of error represented in the wrong acceptance of a
non-matching fingerprint or the wrong rejection of the fingerprint of the real
user.
● There
are many fraudulent ways to get around biometric authentication systems such as
unlocking phones using photos of faces or fingers, or using the finger of a
person who is asleep or unconscious.
● It
is difficult to record the different biometrics of people in some cases, such
as severe dry skin and eye diseases, which prevents these people from using
these systems.
● Of
course, you cannot change your fingerprint or face. If a professional hacker
can hack your phone and obtain a copy of your biometric data, you will not be
able to reset these measurements unless your phone has systems that extract
additional data more accurate and detailed than those already recorded.
The
use of multi-factor authentication systems, which are based on more than one
protection mode at the same time instead of relying on a single pattern, is one
of the best solutions available to raise the level of protection for phones
from hackers and cyber-hackers and to provide more security for access to
highly sensitive data and information.