On the breaking news that airports worldwide are implementing biometric technology to improve the efficiency of identity checks, please find a comment from Kaspersky Lab UK’s David Emm. In it, David identifies how attractive this is to cybercriminals and how serious a breach could be.
David Emm, Principal Security Researcher at Kaspersky Lab UK:
“The development of biometric technologies has given us the ability to use our bodies for authentication, which is increasingly stretching to travel hubs, such as airports. The major benefit, of course, is greater efficiency. However, the integration of biometric identifiers, such as fingerprint, iris and facial recognition, shouldn’t be introduced at the expense of security. Biometric data, stored by a single service provider or across an industry, is a valuable target for cybercriminals. And a breach that resulted in the exposure of such data would be serious – perhaps more so than the compromise of passwords. Any security breach resulting in leakage of biometric data is likely to have extremely serious consequences: we can change a compromised password, but not a compromised fingerprint or other biometric.
“There are also privacy implications of replacing an ID to verify someone’s age with biometrics. Biometric data, unlike a username or password, is persistent: we carry it with us for life. Before this technology is rolled out, it’s important that people are informed about the way such data will be held and used and under what circumstances it might be passed on to other agencies – and this is no less true of biometric data.”