One in three computers (37 per cent) engaged in collecting biometric data globally faced hacking attempts in the third quarter of this year, a new report said. The devices — servers and workstations — use to collect, process and store biometric data (such as fingerprints, hand geometry, face, voice and iris templates).
Overall, a significant number of conventional malware samples were blocked, including modern remote-access Trojans (5.4 percent), malware used in phishing attacks (5.1 percent), ransomware (1.9 percent), and Trojan bankers (1.5 percent), said the team from cybersecurity firm Kaspersky ICS CERT.
“The existing situation with biometric data security is critical and needs to be brought to the attention of industry and government regulators, the community of information security experts, and the general public,” said Kirill Kruglov, senior security expert, Kaspersky ICS CERT.
An analysis of threat sources showed that the Internet is the main source of threats for biometric data processing systems — threats with this source were blocked on 14.4 percent of all biometric data processing systems.
This category includes threats blocked on malicious and phishing websites, along with web-based email services.
“Though we believe our customers are cautious, we need to emphasise that infection caused by the malware we detected and prevented could have negatively affected the integrity and confidentiality of biometric processing systems,” Kruglov added.
Threats blocked in email clients were ranked third (6.1 percent — in most cases these were typical phishing emails (fake messages on the delivery of goods and services, the payment of invoices, etc.) containing links to malicious websites or attached office documents with malware.
Like many other technologies that have lately been rapidly evolving, biometric authentication systems have proved to have significant generic drawbacks.
“The key shortcomings of biometric authentication technologies are usually caused by information security issues,” said the report.