China\Innovation

Cybersecurity may be slipping through our fingers

By Cheng Yingqi | chinadaily.com.cn | Updated: 2016-12-20 07:29

Cybersecurity may be slipping through our fingers

Lin Yuhui checks some of the sketches he has drawn of people in public places. [Photo provided to China Daily]

Rather than providing a safeguard, new voice-and fingerprint-recognition systems may actually help hackers to raid people's bank accounts. Cheng Yingqi reports.

Before online payment systems brought so much convenience to our lives-allowing us to book taxis, go shopping or eat at a restaurant without carrying a wallet-the most famous online adage was: "On the internet, no one knows you're a dog".

The lack of identity confirmation wasn't a problem for most people because the "old" web was a place where our online identities could remain separate from our real lives.

However, new technologies that can link bank accounts with the internet are now bringing threats into our daily lives that once only existed in virtual spaces.

For many experts, one of the most worrying examples is that facial features may offer hackers the opportunity to unlock people's safe boxes.

Researchers with the McAfee Labs Mobile Research Team-the threat-research division of Intel Security-recently discovered a new variant of a well-known Android banking Trojan, a form of malicious computer program also known as "malware", that can hack into personal computers by misleading users about its true content.

In addition to requesting financial information, the Trojan can also request a self-portrait with your identity document, which is useful for cybercriminals because it not only confirms a person's identity, but also allows outsiders to access their bank account.

Easy to counterfeit

"Biometric technologies, including facial recognition, fingerprint identification and voice recognition, are not suitable for remote authentication, because they are easy to counterfeit," said Mei Lin, director of the Cyber Physical System R&D Center at the Ministry of Public Security's Third Research Institute, in an exclusive interview with China Daily.

"For example, if you use your fingerprint to verify your identity in front of a bank employee, you can't wear fake fingerprint film because it can be discovered too easily. However, if you are using your fingerprint as a means of authentication for online payment with no one watching, it's both easy and cheap to cheat," he said.

At least one well-known Chinese online retail platform allows customers to purchase a DIY fake fingerprint kit for just 23 yuan ($3.34). The kit contains enough silica gel to produce 20 fake fingerprint films. Once payment has been received, the vender offers video courses that teach customers how to use the gel to manufacture false fingerprints that will allow a third party to "imitate" them and fool security systems.

According to clients' comments, the film can deceive fingerprint punch-card machines and screen locks on several brands of cellphone.

In addition, people also face the threat posed by "backdoors"-loopholes in the program that could give hackers the opportunity to steal a person's fingerprint information.

In March, computer scientists from Germany and the United States unveiled new face-capture technology that can map a user's facial expressions in real-time onto the face of a celebrity and then generate realistic video showing the celebrity "saying" anything the user chooses.

Meanwhile, last month, the Chinese voice-recognition software manufacturer iFLYTEK Co launched an app that can flawlessly imitate a person's voice, pronunciation and intonation.

"From a technological point of view, this means it is possible to cheat facial- and voice-recognition-based identity authentication systems with remote logins," Mei said.

"In physical space, biological features such as your facial features and fingerprints are the only solid proof of your identity. On the internet, they are just digitized information that can be easily duplicated and reused."

Previous Page 1 2 Next Page