It’s time to face a stark reality: Threat actors will soon gain access to artificial intelligence (AI) tools that will enable them to defeat multiple forms of authentication — from passwords to bio-metric security systems and even facial recognition software — identify targets on networks and evade detection. And they’ll be able to do all of this on a massive scale. The question on this comes is, Can Biometrics be the new AI Toolset to execute Cyber-crimes? Many Organisations do agree to the fact that Yes, Biometrics is the new AI Toolset.
Artificial intelligence poses both a blessing and a curse to businesses, customers, and cyber criminal alike.
AI technology is what provides us with speech recognition technology (think Siri), Google’s search engine, and Facebook’s facial recognition software. Some credit card companies are now using AI to help financial institutions prevent billions of dollars in fraud annually. But what about its applications in cyber security? Is artificial intelligence an advantage or a threat to your company’s digital security?
On one hand, artificial intelligence in cyber security is beneficial because it improves how security experts analyze, study, and understand cyber crime. It enhances the cyber security technologies that companies use to combat cyber criminals and help keep organizations and customers safe. On the other hand, artificial intelligence can be very resource intensive. It may not be practical in all applications. More importantly, it also can serve as a new weapon in the arsenal of cyber criminals who use the technology to hone and improve their cyber attacks.
Biometrics and Frauds
Biometrics is considered one of the best tools to ensure security and detect cyber crimes. The potential of bio metrics in authenticating and reducing fraud is imperative and thus it is being widely used in the form of fingerprints, facial recognition, voice recognition, etc. However, the advancement in technology has also paved the way for more sophisticated crimes and identity thefts taking place in companies, especially retail. Criminals are now technically sophisticated and they are even designing their own AI systems, self-learning algorithms and other technologies to illegally access data and vulnerable systems. In the current scenario, cyber frauds have expanded to new avenues and can easily deceive us by manipulating bio metric data.
Machines That Can Prove They’re Human
CAPTCHAs are a form of lightweight website security you’re likely familiar with. By making visitors “prove” they’re human, CAPTCHAs act as a filter to block automated systems from gaining access. One typical kind of CAPTCHA asks users to identify numbers, letters and characters that have been jumbled, distorted and obfuscated. The idea is that humans can pick out the right symbols, but machines can’t.
One of the oldest tricks in the book is the brute-force password attack. The most commonly used passwords have been well-known for some time, and many people use passwords that can be found in the dictionary. So if an attacker throws a list of common passwords, or the dictionary, at a large number of accounts, they’re going to gain access to some percentage of those targets.
As you might expect, GANs can produce high-quality password guesses. Thanks to this technology, it’s now also possible to launch a brute-force fingerprint attack. Fingerprint identification — like the kind used by major banks to grant access to customer accounts — is no longer safe, at least in theory.
Researchers at New York University and Michigan State University recently conducted a study in which GANs were used to produce fake-but-functional fingerprints that also look convincing to any human. They said their method worked because of a flaw in the way many fingerprint ID systems work. Instead of matching the full fingerprint, most consumer fingerprint systems only try to match a part of the fingerprint.
The GAN approach enables the creation of thousands of fake fingerprints that have the highest likelihood of being matches for the partial fingerprints the authentication software is looking for. Once a large set of high-quality fake fingerprints is produced, it’s basically a brute-force attack using fingerprint patterns instead of passwords. The good news is that many consumer fingerprint sensors use heat or pressure to detect whether an actual human finger is providing the bio metric data.
How Are They Committed?
According to a study by Accenture, there are two major types of bio metric fraud. They are impersonation and obfuscation. Impersonation occurs when an impostor spoofs bio metric information to pretend to be a specific individual and then commits crimes or illegal transactions. On the other hand, obfuscation is a method where the criminal manipulates the bio metric data to avoid recognition. The report suggests that the commonly targeted bio metric modalities are fingerprint, facial recognition, and voice recognition, but others including iris, veins, and even DNA-based data could also be exploited to commit frauds.
Another modern technology used for cyber fraud is deep fakes. By creating fake videos and voice messages, criminals can easily target their victims. This suspicious technology enables the users to swap faces in a video or image and make it seem real. The voice-spoofing frauds can also be considered a deep fake crime. Deep fakes are highly used in identity thefts and manipulating facial recognition systems. Ransomware attacks can essentially leverage these disruptive technologies and we have now reached an era where the technology is pervasively misused for advantage. Using bio metrics to initiate cyber crimes in retail can cater to huge financial loss, drastically affecting financial institutions and businesses.
Who are committed in giving the right cyber security services organisations?
Indian Cyber Security Solutions have been granting cyber security services to organisations that are searching for ways to protect their data from unethical hackers. Indian Cyber Security Solutions have been acknowledged as one of the leading cyber security service provider in India. With this we have a vision to improve the expansion of our cyber security business through Virtual Partnership program as well as Partners connect.
Indian Cyber Security Solutions have been acknowledged as the Top 20 Tech brands of 2021 by Business Connect India and Top 10 Security Solutions provider in India by Industry Era. We also do stand as the “Best Cyber Security Training Institute in India” acknowledged by Silicon India.