Cómo la realidad virtual ayudaron a los investigadores a hackear la Seguridad Biométrica

Years ago, holograms were considered the stuff of science fiction. Things have changed. In recent times, we’ve gone from seeing our beloved, deceased cultural icons appear on stages at music award shows to CEOs attending large meetings as holograms . Obviously, our ability to protect ourselves through virtual reality around the world has evolved. But the security implications of this have evolved as well.

Those consequences came to light earlier this month at the Usenix security conference, an annual security symposium designed to highlight the cybersecurity issues of new technology. During this year’s conference, researchers from the University of North Carolina demonstrated how lifelike facial animations could be used to fool facial recognition.

To accomplish this, WIRED reports, the researchers used virtual reality-like technology and a few photographs borrowed from volunteers. (Although the volunteers freely gave the researchers permission, the photographs were obtained in a similar way to how cybercriminals would obtain them, according to WIRED.) This technique bypassed several tested security systems.

When it comes to technology, this isn’t unexpected. New technologies will almost always have vulnerabilities and obstacles during their inception. As always, security researchers are best equipped to uncover the security flaws embedded in these technologies.

In this particular case , the researchers used the stolen virtual photographs to create fake faces using readily available 3D rendering and animation software. They then combined the photographs and animated the 3D images to fool facial recognition programs into thinking the fake images had movement and depth (even making them blink and smile)—measures these programs use to verify when scanning a face.

It’s a great reminder that it’s trivial to steal high-quality photographs of someone today. Even from multiple angles, which is what a theoretical attack requires. Criminals could simply browse their Facebook , LinkedIn, and other social media profiles. And while this vulnerability is easy to exploit, it’s also a bit tricky to defend against. After all, having an online presence is important for social and career purposes, and even the most careful people when posting can’t always guarantee they won’t leave digital footprints.

Alarming? Sure. But it’s not so worrying: the attack is too complicated and time-consuming for cybercriminals to bother carrying out. It takes a lot of preparation—and in-depth knowledge—to successfully replicate this theoretical attack. This fact significantly reduces the number of people who could be at risk. Furthermore, these vulnerabilities have been emphasized to cybersecurity firms—firms that want this technology to succeed. Fixes for these problems will be available soon.

Given this research, we’ll take the opportunity to review two issues that are relevant in today’s digital world. First, as discussed above, maintaining a level of online privacy is important not only as a lifestyle choice but also for security. Our photos are now connected to our profiles, and consequently, to our security. Second, technology isn’t a static thing. There are new innovations every day in devices and services, and security takes time to perfect. Biometric security and similar innovations are no different.

Consejos para practicar la seguridad biométrica

With that in mind, I present three tips for practicing biometric security:

• Limit your online exposure. Make sure your social media preferences are set to “private.” This way, you’ll protect not only your images, but also those of your loved ones. Always check the privacy options on your social media website. Avoid uploading images for people who don’t already have them.

• Use comprehensive security. Good security requires a lot of preparation—and a comprehensive approach works best. By using a comprehensive security solution like McAfee LiveSafe™ , you extend your level of protection across your devices.

• Use multi-factor authentication. There are several tried-and-true methods for protecting yourself online. Two-factor and multi-factor authentication —when a service requires identification using something you know, like a password or PIN, and something you have, like a smartphone—is one of the most reliable security methods available. Check the services you use online and see if it’s available for account authentication.

Of course, stay ahead of the latest mobile and consumer security threats by following and checking in with us @McAfee_Home on Twitter, and liking us on Facebook .