NexID Biometrics: The Solution to Spoofing Mobile Biometrics

POTSDAM, N.Y., Oct. 16, 2013 /PRNewswire/ -- With its fingerprint-identity sensor, Apple's new iPhone 5S has raised awareness of biometric-based security for mobile devices.  Unfortunately, it didn't take long for hackers to spoof the biometric sensor used to unlock the 5S, but software from an upstate New York technology company -- NexID Biometrics – safeguards users' devices against such vulnerabilities.

(Logo: http://photos.prnewswire.com/prnh/20131016/SF97206LOGO)

"Any fingerprint-authentication platform is vulnerable to some degree unless bolstered at its core by multi-factor security that includes the ability to detect fingerprint spoofing or 'liveness,' those from a living person," said Mark Cornett, Chief Operating Officer of NexID Biometrics, a leader in biometric-authentication-software solutions.

With an SDK that integrates with other fingerprint-scanning software, NexID Biometrics specializes in supplying solutions that elevate the effectiveness and mitigate the vulnerability of biometric-authentication security. Cornett will illustrate NexID Biometrics' capabilities at this week's global Biometrics Exhibition and Conference 2013 in London.

The TouchID capability is one of the highlighted features of the Apple 5S but the ease and quickness with which hackers broke through the security system via spoofing has heightened the attention given to the fingerprint-authentication attribute.

And although TouchID is restricted to unlocking the 5S and making purchases of iTunes and other Apple Store items, the hacking episode has ignited a debate over the feasibility of using biometric authentication for highly secure activities on mobile devices, such as financial transactions, mobile purchases and access to confidential information.

"Like most biometric modalities, fingerprints are not secret, and can be lifted from a variety of surfaces by a determined individual," said Cornett.  "Once a latent print is acquired, a mold can be produced from a variety of common materials, and used to spoof the target device into authenticating an unauthorized user. Other biometric modalities such as face, iris, voice and palm have their own vulnerabilities to spoofing attacks.

"Yet, it would be wrong to conclude that biometrics are not useful for securing mobile devices from unauthorized use," he said.

Cornett explained that while the technique hackers used to spoof the Apple 5S is fairly straightforward and the materials they used are readily available, they are just two examples of the many combinations of techniques and materials that NexID Biometrics uses to test the vulnerability of various fingerprint sensors currently on the market.

From these tests NexID is able to produce and continually improve its anti-spoofing software to effectively thwart spoofing attacks like the one that targeted the Apple 5S. NexID licenses this technology to fingerprint sensors of varying technologies, applications and markets, including those embedded on mobile devices, he said. The company encourages developers to incorporate NexID into their fingerprint identification or other biometric authentication mobile apps.

"The value proposition of biometric authentication is highly attractive from several standpoints, including convenience and productivity," Cornett said. "And when combined with appropriate anti-spoofing technology such as that available from NexID Biometrics, it also includes the benefit of enhanced security."

About NexID Biometrics
NexID Biometrics is a leading software and technology supplier to the biometric authentication industry. The company develops and licenses liveness-detection software that enables fingerprint-scanning technologies to more accurately, and with greater confidence, authenticate scanned images by mitigating spoof-related risks. The company also provides testing and analysis of fingerprint-scanning devices to identify existing vulnerabilities to known spoofing strategies. The company's founders represent some of the world's leading authorities on biometric spoof mitigation and liveness detection.

SOURCE NexID