
Using biometric authentication — scanning your face to unlock your smartphone or using your fingerprint to open your banking app — is often recommended as a safe way to protect one’s device, privacy, and data. Researchers at NordVPN, however, said they have unearthed 81,000 compromised digital fingerprints on underground cybercriminal forums, revealing that modern biometrics storage methods are vulnerable to various attacks.

Adrianus Warmenhoven, a cybersecurity expert at the VPN company, noted that while biometric data is more secure than passwords, you can always change a compromised password. Your face, your fingerprint, and your voice, though, are a different story.

Moreover, as Warmenhoven puts it: “all recorded data is hackable.”

“That makes biometric information a valuable target for cybercriminals, and hacking of this type of data becomes a popular way of identity theft,” he added.

The Rise of Biometric Data Threats

Traditional methods to swipe fingerprints — like skimming tools on ATMs or other fingerprint scanners — have seen a decline, while newer techniques now pose fresh challenges, NordVPN said.

Deepfake technology (phony images or videos created with artificial intelligence tools) is on the rise and is being used to help cybercriminals exploit users’ social media content. Cybercrooks can use public selfies, videos, or other social media content to craft counterfeit identifiers like faces, voices, and even fingerprints and leak them on the dark web, NordVPN said.

Worse yet, hackers and crooks can use those biometrics to dupe authentication processes for different apps and services.

“While we are the owners of our own faces and voices, we are not the only ones with access to them. Over the years of being active social media users, people left so much biometric data that with the current capabilities of artificial intelligence to create deepfakes, it becomes a weapon against our privacy. Only this time without our initial consent,” Warmenhoven said.

Biometric Data Vulnerable to Data Breaches

NordVPN noted that biometric data used to unlock devices is usually safe thanks to its encryption. These are usually devices and apps from trusted developers and companies. But nothing is ever truly bulletproof.

“Nevertheless, even if biometric data is stored on the server or cloud of a reliable app developer, it is much more vulnerable because there is always a risk of a data breach. Moreover, a biometrics hacking attack can be done through interception during data transmission between the user’s device and storage,” NordVPN said.

Of course, users should also be wary of entering biometric data into unfamiliar, unreliable, or even possibly malicious apps or developers.

“But opening apps with biometric data or allowing them to use it is not always a safe solution. Sometimes users hand in their biometrics without knowing who the app’s developers are and how they use collected data,” NordVPN added.

Safeguarding Your Biometric Data

According to NordVPN, guarding your sensitive biometric data starts with thinking about which apps and companies you trust with that data, as well as how you secure your device and internet ecosystem.

NordVPN recommends users:

  • Consider if you should opt to use biometric data at all, and scrutinize the apps and companies behind biometric data storage if you decide to do so.
  • Use at least one factor of authentication and strong passwords across all of your online accounts.
  • Use a high-quality VPN to encrypt your internet connection to stop hackers from intercepting your biometrics on compromised networks.
