A short while ago, I posted an article titled "The Biometric Authentication Conundrum". In that article, I pointed out that biometrics may have problems that were unanticipated by the security professionals advocating for them. Generally, most security engineers have been pressing forward with biometrics as THE solution to our authentication problems. They hold the belief that biometrics are unique to the individual and therefore cannot be broken or guessed by hackers. I refute that argument and point out that biometrics may have some very serious security flaws and that the implications could be very dangerous for information security in general.
Recently, a German hacker made my point in rather dramatic fashion. Jan Krissler was able to replicate the fingerprint of the German Defense Minister, Ursula von der Leyen (the presumed heir apparent to Angela Merkel), from commercial photographs of her. Krissler used high-quality commercial photographs, and one he took himself at close range, to reverse engineer her fingerprint using VeriFinger. VeriFinger is one of the most widely used fingerprint biometric authentication development systems, used throughout the world in all kinds of highly secure environments.
Remember, biometrics for authentication are simply files that represent a fingerprint, iris or retina scan, or facial features. If the hacker can steal these files or replicate these files as Krissler did, the person's identity has been compromised for life. Unlike a password, which can be changed, a compromised biometric cannot be replaced: you do not have the option to change your retina, iris, fingerprint, etc. (of course, barring future developments in plastic surgery or bionics, but that's still another story).
Krissler seems to be reading my mind regarding biometrics when, in 2013, he said, "I consider my password safer than my fingerprint… My password is in my head, and if I'm careful when typing, I remain the only one who knows it."
This all may be good news for hackers, as many highly secure environments are migrating to biometrics. Breaking into the systems of the future might require only a photograph of the victim's hands, eyes or face, making the hacker's job so much easier.