/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
/socialsamosa/media/member_avatars/uFf1SrIk167BQ4yXdoHx.png )
Follow UsPOTSDAM, USA: With its fingerprint-identity sensor, Apple's new iPhone 5S has raised awareness of biometric-based security for mobile devices. Unfortunately, it didn't take long for hackers to spoof the biometric sensor used to unlock the 5S, but software from an upstate New York technology company -- NexID Biometrics - safeguards users' devices against such vulnerabilities.
"Any fingerprint-authentication platform is vulnerable to some degree unless bolstered at its core by multi-factor security that includes the ability to detect fingerprint spoofing or 'liveness,' those from a living person," said Mark Cornett, COO of NexID Biometrics, a leader in biometric-authentication-software solutions.
With an SDK that integrates with other fingerprint-scanning software, NexID Biometrics specializes in supplying solutions that elevate the effectiveness and mitigate the vulnerability of biometric-authentication security. Cornett will illustrate NexID Biometrics' capabilities at this week's global Biometrics Exhibition and Conference 2013 in London.
The TouchID capability is one of the highlighted features of the Apple 5S but the ease and quickness with which hackers broke through the security system via spoofing has heightened the attention given to the fingerprint-authentication attribute.
Although TouchID is restricted to unlocking the 5S and making purchases of iTunes and other Apple Store items, the hacking episode has ignited a debate over the feasibility of using biometric authentication for highly secure activities on mobile devices, such as financial transactions, mobile purchases and access to confidential information.
"Like most biometric modalities, fingerprints are not secret, and can be lifted from a variety of surfaces by a determined individual," said Cornett. "Once a latent print is acquired, a mold can be produced from a variety of common materials, and used to spoof the target device into authenticating an unauthorized user. Other biometric modalities such as face, iris, voice and palm have their own vulnerabilities to spoofing attacks.
"Yet, it would be wrong to conclude that biometrics are not useful for securing mobile devices from unauthorized use," he said.
Cornett explained that while the technique hackers used to spoof the Apple 5S is fairly straightforward and the materials they used are readily available, they are just two examples of the many combinations of techniques and materials that NexID Biometrics uses to test the vulnerability of various fingerprint sensors currently on the market.
From these tests NexID is able to produce and continually improve its anti-spoofing software to effectively thwart spoofing attacks like the one that targeted the Apple 5S. NexID licenses this technology to fingerprint sensors of varying technologies, applications and markets, including those embedded on mobile devices, he said. The company encourages developers to incorporate NexID into their fingerprint identification or other biometric authentication mobile apps.