Rows that go around the corner people waiting to have their iris scanned in exchange for a few cryptocurrencies.
This reality, which was and continues to be news, opens up too many questions, and one of them keeps cybersecurity experts awake: how much longer will biometrics continue to be an effective element for taking care of digital assets?
Biometrics and artificial intelligence
“With the emergence of Artificial Intelligence (AI) they can different types of authentication and authorization by biometrics may be violatedthis includes facial biometrics,” warns iProUP Félix Lauzem, Red Team Manager at NeoSecure by SEK.
It is that with the advance of deepfakes created by AI and their high level of realism, “the reliability of authentication solutions may not have sufficient capacity to verify whether it is a person (human) or a fake element created by a machine,” adds Lauzem.
“AI complicates cybersecurity by enabling more sophisticated cyberattacks. These can include automated hacking tools that adapt to security defenses, deepfakes that manipulate audio and video to impersonate individuals,” he details. iProUP Pablo Gagliardo, vice president of Noventiq Latin America.
But there is still more according to this specialist: “AI can also analyze large amounts of data to identify vulnerabilities more quickly than its human counterparts.”
Iris scanning remains the most effective biometric method
The point is that this new technology makes the work of criminals easier. “They are taking place increasingly sophisticated attacks, prepared with generative AI“, maintains iProUP Jesús Alonso Murillo, Chief Information Security Officer (CISO) of Prosegur global.
“Anyone, without much prior knowledge, can carry out sophisticated attacks with advanced patterns, which can compromise security. In addition, privacy is another pattern to take into account,” he completes.
Hernando Castiglioni, director of Engineering for Fortinet South America East, assures iProUP that “any type of data can always be subject to vulnerabilities or leaks. biometric data They are still pieces of information that can fall into the wrong hands.
Likewise, “many biometric authorization systems can be violated by taking advantage of spaces to deceive authorization, either with voice reproduction or facial recognition, among others,” he details.
Biometrics: can they hack my voice?
¿Audios with Messi’s voice? Is it the voice of the 10 of the Argentine National Team? No, it’s the AI doing its thing again. So what happens to what was projected as the being able to manage devices from our words.
The imitation of voices of the AI May Make Voice Dictation Entry Models Vulnerable? “No doubt yes!” says Lauzem.
Experts assure that it is possible to clone the voice with artificial intelligence to impersonate victims
“AI learning mechanisms are evolving wildly, learning from data insertions, whether text, audio or video. It is increasingly noticeable how close their results are to human reality, creating precise voices and intonations“explains the manager of NeoSecure by SEK.
Various cases, based on these voice manipulations, “are already being used to practice fraud and scams, and this can also allow the evasion of systems that use voice authentication,” adds this expert.
The advance of these tricks to bypass cybersecurity mechanisms forces experts to think all the time how to strengthen income.
“The perfect complement to these mechanisms is the multi-factor authentication via token, SMS or app and bring everything to a Zero Trust access model,” he tells iProUP Martín Medina, Business Development Manager at BGH Tech Partner.
“AI could be used to analyze, process and use biometric data for an illegal purpose,” Gustavo Pontoriero, Cybersecurity Lead at Nubiral, tells iProUP. In this sense, he details:
- Fingerprints: AI could be used to create falsifications or circumvention of controls of management systems.
- Face recognition: could be used to create techniques generating fake images or stealing system images/patterns that houses them in order to deceive facial recognition systems.
- iris recognition: Anyway, it’s still one of the more secure biometric methodsfor this reason they are more used in airports or in banking entities due to their low rate of false positives and their effectiveness.
Cyberattacks with artificial intelligence: how to defend yourself
To counter AI-driven cybersecurity challenges, “companies can use this same technology and integrate it into their threat intelligence systems for early detection and predictive analysis,” says Gagliardo.
Experts warn that AI allows people without technical knowledge to carry out advanced attacks
“Automated response mechanisms allow rapid action against threats, while Enhanced biometric security with adaptive authentication improves defense against biometric impersonation,” says the leader of Noventiq Latin America.
Furthermore, Gagliardo remarked, “the sAI-enhanced training simulations help create a safety-conscious workforceand the decentralization of AI applications through techniques such as federated learning reduces the risks of centralized data, thus strengthening cybersecurity measures on several fronts.”
“Biometrics is a practically infallible technology in terms of operational security, especially in the field of digital banking. But not any type of biometrics can detect false identities based on artificial intelligence,” Marcelo tells iProUP. Fondacaro, CCO of Veritran.
Currently, “most of the financial entities use 2D biometricswhich has many weaknesses in terms of protection and can be violated,” says Fondacaro.
“3D biometrics, on the other hand, is the one that provides a greater layer of security and is recommended for the financial system, since it is capable of validating a person’s identity and performing a proof of life in a simple way and in just seconds. making it practically foolproof and without sacrificing the user experience.”
Finally, Gastón Vargas, SOC Analyst at Sparkfound, highlights that “the Users are responsible for their own information “so they must take care of their biometric data by choosing where to use it and where not to expose it.”
