How to protect biometric data from cybercriminals

Biometric authentication is often presented as a completely safe way to protect your devices and privacy. However, experts warn that hackers can steal biometric information in various ways, including by using your social media posts, and researchers at NordVPN found 81,000 hacked digital fingerprints on dark web forums. Moreover, your fingerprints or face aren’t supposed to change, so in case of an attack, your identity might be compromised forever.

“It is fair to say that biometric data is more secure than most types of authentication, such as passwords. But all recorded data is hackable,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN. “Moreover, you can change compromised passwords, but losing biometric data is already a serious issue. That makes biometric information a valuable target for cybercriminals, and hacking of this type of data becomes a popular way of identity theft.”

The internet might be full of your biometric data

There are more than 20 different types of biometric data, such as fingerprints, face or voice. Every type of biometric information could be compromised in several different ways. One common and long-standing method of stealing fingerprints is placing a skimmer on ATMs or other machines with fingerprint scanners. The skimmer collects fingerprints and creates fake versions that could be used to access devices or private information.

While skimmers are still in use, they are an old-fashioned way to steal biometric data. With the rise of deepfake technology, biometric hacking has become much more sophisticated but, at the same time, more accessible for cybercriminals. By performing a biometric spoofing attack, hackers can compromise a secured system by exploiting users’ selfies, photos and videos from social media to create fake identifiers such as faces, voices or even fingerprints.

“While we are the owners of our own faces and voices, we are not the only ones with access to them,” says Warmenhoven. “Over the years of being active social media users, people left so much biometric data that with the current capabilities of artificial intelligence to create deepfakes, it becomes a weapon against our privacy. Only this time without our initial consent.”

Biometric data used to unlock a device is not easy to obtain because it’s usually stored on the device as encrypted binary code. But opening apps with biometric data or allowing them to use it is not always a safe solution. Sometimes users hand over their biometrics without knowing who the app’s developers are and how they use the collected data.

Nevertheless, even if biometric data is stored on the server or cloud of a reliable app developer, it is much more vulnerable because there is always a risk of a data breach. Moreover, biometric data can be intercepted during transmission between the user’s device and storage.

How to protect your biometrics from cybercriminals

To protect yourself from biometric hacking, Warmenhoven advises these preventive measures:

  • Think carefully before you opt to use biometric data. Even if you have the possibility, it doesn’t mean you always need to use biometric authentication. Before you allow a new app to scan your fingerprint or face, be discerning about when and where you share your biometric data and consider the reputation of the company asking you to use biometrics for authentication.
  • Use biometric data for multifactor authentication, along with strong passwords. Two-factor authentication (2FA) or multifactor authentication (MFA) would raise your security levels.
  • Use a VPN. A VPN can help secure your internet connection and prevent third parties from intercepting any biometric data you transmit.


