Biometrics: The past, present and future

Biometrics as a form of technology has been growing rapidly. Visa Europe recently conducted a study in UK which suggested that approximately 76 per cent of the population aged between 16 and 24 years are more comfortable making payments using biometric security. Moreover, 69 per cent of this population believes it will make their lives faster and more convenient.

In India, Aadhaar — a citizen's Unique Identification Number — has registered approximately 750 million users with an individual's biometric elements. This points towards how identity database will slowly be taken over by biometrics in the near future.

Payment giants like Mastercard are also looking towards imbibing biometrics technology in their systems. Ajay Bhalla, president of global enterprise risk and security at Mastercard told Engadget, "We want to remove passwords. Passwords are a big problem for people — they keep forgetting it or they use passwords which are very simple and dumb."

The most prevalent breakthrough in the smartphone segment was made by Apple back in 2013 when the company first integrated Touch ID in the iPhone 5s. Three years later, most of the premium handsets by companies such as Samsung, LG and HTC come equipped with this feature.

Biometrics with its ability to identify people using their unique physical characteristics and behaviour, has gradually established a steady business in the market. However, despite the progress in this segment, security is still being breached through innovative methods.

For instance, at the CCC conference in 2014, a security researcher called Starbug used a simple 3D printed mould to construct a working model of the German Defence Miniser's fingerprint which was based on a high-res photograph of the minister's hand.

Companies are turning towards other physical attributes that can still be used for authentication without being manipulated by hackers. Iris scanning was perhaps one of the primary highlights of the Galaxy Note 7. In fact, places where dependable identification is critically important such as airports and military bases already make use of iris scanners.

But even the most accurate kind of modern biometrics is beset with problems.

The primary problem is the live-tissue verification. Many commercially available iris-recognition systems are easily fooled by presenting a high-quality photograph of a face instead of a real face.

Moreover, when it comes to integrating this technology with smartphones, the device requires an infrared (IR) camera which is quite an expensive technology thereby making the device pricey.

Earlier this year, HSBC announced its plans to use voice recognition software to verify the identity of its customers in the UK.

"The launch of voice and Tough ID makes it even quicker and easier for customers to access their bank account, using the most secure form of password technology — the body," Francesca McDonagh, head of retail banking and wealth management for HSBC UK told BBC.

However, according to various security researchers, a sample of the user's voice can be collected in various ways including making a spam call, recording a person's voice from physical proximity of the speaker, mining for audiovisual clips online and compromising cloud servers that store audio information.

Apple's voice recognition application 'Siri' has also faced several security issues. In 2011, a China-based hacker group managed to jailbreak the iPhone 4 and run a full version of Siri which allowed them to steal sensitive information from the users who installed the app.

In fact, researchers at ANSSI, the French information security organisation discovered that 'Siri' could be remotely controlled by any person.

The weakness of biometrics remains fundamental. It is still being implemented as more than a secondary form of authentication to an extent wherein biometrics may soon completely replace the standard password authentication system.