Our Biometric Data Is Still at Risk. Why?

As companies rush into the biometric identification market, cybercriminals are also waiting at the gates. Is our sensitive data safe?

Futuristic security robot guarding a safe, as many red eyes watching in a dark glitchy background.
Created by Gabor Kovacs from DailyCoin

Elon Musk’s X will start collecting our biometric data for, as they say, “safety, security, and identification purposes” from September 29. Sam Altman’s Worldcoin scans human irises to create the world’s largest identity and financial network.

In the digital age, digital identification is the only way to separate our true selves from fake ones, and biometrics has become a critical security attribute that makes digital identification possible.

Sponsored

But as businesses race to set foot in the market, cybercriminals are also waiting at the gates. Biometric data is a sought-after commodity on the black market, and the question is, are we ready to ensure sufficient safety for our most sensitive private data?

Biometrics Make Digital IDs More Secure 

As our lives increasingly migrate into the digital realm, a microscopic element, invisible to the naked eye, gains prominence: our genes, a unique part of DNA that makes each of us one of a kind. This genetic code defines our physical attributes, such as fingerprints, facial structure, retinal or vein patterns, and even our distinct way of speaking, walking, typing, or signing papers.

Our unique biological characteristics enable us to establish our identities. In today’s digital era, where a substantial portion of our actions occurs online, verifying our true selves remains firmly rooted in these biological traits, although digitized. Simply speaking, it revolves around our biometrics.

Biometrics serve as a more advanced and secure means of digital identification compared to traditional methods like names, dates of birth, addresses, or social security numbers. By comparing our biological traits or behaviors to records on file, biometric authentication significantly enhances security. Accessing our bank accounts or other protected data is more challenging for anyone lacking the appropriate credentials.

Sponsored

Furthermore, as biometric data forms an intrinsic part of an account holder, it is said to be much more difficult to forge or replicate. Physical data is generally easy to record and store, making the authentication fast and convenient: you do not have to remember complex passwords or carry physical keys. It’s enough to scan your fingerprint or a face to gain access.

Today, biometric identification is widely applied in numerous use cases: we scan our faces or fingerprints to unlock our phones, access online trading platforms, enter buildings, cross borders at airports, and many other needs.

According to recent statistics, the digital identification market has experienced significant growth over the past few years. Starting at $23.3 billion in 2020, it is projected to reach nearly $70.7 billion in revenue by the end of 2027.

The biometric sector, a key component in the digital identity industry, is also anticipated to increase by 14% and reach $82.9 billion by the end of 2027.

A chart of digital identity solution market revenue worldwide from 2020 to 2027.
Digital identity solution market revenue worldwide from 2020 to 2027.Source: Statista

Simultaneously, the rise in identity fraud, advancements in artificial intelligence (AI), and blockchain integration to enhance digital identities contributed to the faster growth of the digital identification market. Increasing demand for fraud prevention, more efficient compliance management, and methods that would be more secure than conventional ones is the driving force behind the biometric sector. 

“Biometrics technologies have the potential to transform the way we interact with the world around us. There are risks, but they can be managed,” a spokesperson for Biometric Institute told DailyCoin.  

Data Breaches Among Biggest Threats 

Biometric identification systems record immutable personal characteristics that could be valuable across the black market when stolen. This makes it a frequent target of hackers. Like other traditional methods, biometric identification systems are also subject to data breaches.

Identity theft and related cybercrimes were responsible for the second-highest number of compromised data incidents in 2022, impacting over 422 million victims. Within the last year, identity-related breaches in the corporate sector increased by 5%. 

Considering the forecasted cybercrime damage calculations exceeding $10.5 trillion by 2025, it is logical to anticipate a continued rise in identity data breaches, exposing sensitive personal data, if the industry doesn’t find ways to enhance data security. 

Unfortunately, the recent case of Worldcoin demonstrates that even well-protected biometric data can be exposed to risks due to system vulnerabilities. Just weeks ago, blockchain auditor Certik exposed a major flaw in the code of Sam Altman’s project, aiming to become the world’s largest human identity and financial network.

Worldcoin scanned over 2.2 million irises through its sci-fi-looking Orb. However, due to code vulnerabilities, hackers could bypass the verification process required to become an Orb operator. They installed the password-stealing malware and got an exposure to biometric data captured by the scanning device. 

“Individuals who want a verified World ID are not required to share any personal data with Worldcoin other than images of them collected by the Orb. These images generate a unique iris code and, by default, are immediately deleted once the iris code is created,” Worldcoin’s spokesperson confirmed to DailyCoin. 

Nevertheless, the credentials of several Orb operators were later noticed to be listed for sale on the dark web. 

Worldcoin, a widely discussed name in cryptocurrency, is not alone in placing sensitive user data at risk.  A massive database of over one million fingerprints, facial scans, names, and other private information was hacked four years ago, affecting over five thousand organizations worldwide. More than 28 million biometric data records were reported circulating in the black market.

The methods by which attacks against biometric data systems can be executed are diverse. 

These may include skimming, where malware captures biometric data during legitimate signing processes; spoofing, which disguises an attacker’s identity or device as something trusted to deceive victims into sharing sensitive information; and replay attacks, where hackers intercept and record legitimate data transmissions, later replaying them to gain unauthorized access. After all, human error or an internal data leak is always possible.

Deepfakes: AI Brings New Threats

However, with the rapidly evolving AI and machine learning, another serious challenge emerges that the digital identity industry will have to face more and more often: deepfakes.

Deepfakes, AI-generated, highly realistic images can be abused to impersonate people to get access to sensitive information. The top security organizations in the US acknowledged that deepfakes already present a growing challenge for all users of modern technology.

Advancements in artificial intelligence, computational power, and deep learning have made it much easier, faster, and cheaper for anyone to generate fake multimedia. The market is flooded with tools that, as a result,  have increased in value and become widely available for adversaries, exploiting targeted individuals and organizations.

According to American Security Services, the democratization of generative AI tools has made the list of top risks for 2023. 

Adopting AI capabilities to outsmart Know-Your-Customer (KYC) or other compliance procedures with fake biometrics has become a new way of identity theft. Shufti Pro, an identity verification platform, reported a 2% growth in the biometric fraud field within 2022, mostly through deepfakes and facial morphing attacks, when the facial features of two individuals are artificially merged into one.

But even though AI will continue to be used for malicious intents, it will also contribute to improving the accuracy and usability of biometric systems, says the spokesperson of the Biometric Institute.

“As much as AI can be used to generate deepfakes and other attack vectors, it can also be used to aid in the ability to distinguish genuine from fraudulent biometric data.”  

Both active and passive biometric fraud detection schemes rely on AI and must be customized to match the implementor’s needs and requirements. 

Yet, no matter what organizations do, they should prioritize having clear policies when using biometrics. Biometric technology involves probabilities, and like any technology, it comes with certain risks that must and can be managed, the institute added.

Privacy Concerns Are Here Now

Finally, with Worldcoin and X bringing global attention to biometric data collection, a major concern about sensitive personal data privacy and potential misuse has returned to the headlines. 

Critics claim that identification solution providers are centralized entities that may have private interests in the disposal of massive amounts of biometric data.

Social media platforms like X make a significant portion of their revenue from collecting user data. They sell it to data collection companies, who sell it to third parties for targeted advertisements. 

With Elon Musk gradually turning the microblogging platform into an “Everything app,” critics are wary that biometrical data collection could provide another opportunity for centralized corporations to benefit from selling sensitive user information.

As trust is the key precondition for the digital identification market to function successfully, it’s up to businesses and governments to decide what they will do with the data collected. 

But it’s also up to us as users to choose whether we are willing to share our most sensitive personal data.

Learn about shorting frauds:
What It Takes to Become an Activist Short Seller

Find out what’s necessary for the next crypto bull market:
ETFs Aren’t Enough for a Crypto Bull Market. What Else Do We Need?

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Simona Ram

Simona Ram is a senior journalist at DailyCoin, based in Lithuania, who covers the forces and people shaping the Web3 industry and the areas where decentralized crypto assets meet the centralized world. She has experience in business communication within the financial sphere and has a degree in Foreign Languages, which helps her interact effectively with sources from diverse backgrounds. In her free time, Simona enjoys exploring new cultures.