Bioelectric attacks are insidious and covert. Let’s review the most conniving five types.
1. Iris — Culprits get desirous
Iris isn’t just a symbol of hope. It’s also a highly reliable biometric modality that allows identifying people with surgical accuracy. The trick is that nature has endowed human iris with about 260 identification points per eye. That’s barely 17 times more than the amount of identification points in the fingerprint minutiae — it’s priceless for biometric liveness.
And that’s how it can be spoofed. Some iris recognition systems are vulnerable to simple replay attacks: the iris can be printed on smooth, non-glossy paper or replayed from a smartphone’s screen. In rare cases culprits make a textured lens/prosthetic eye copying the iris.
2. Voice — Deep learning leaves no choice
By far, voice is the easiest-to-spoof modality. The problem is that deep learning has evolved to a superiority point, like a rhinoceros beetle, so it can quickly mimic anyone’s voice after listening to just a minute of the target’s narration.
But the more is better: the more voice recordings a Generative Adversarial Network — a typical voice-cloning tool — gets to audition, the more accurate the end result will be. The technology has achieved a cockamamie level of realism that voice actors are getting nervous. Especially Doug Cockle, whose baritone was used for voice acting in the A Night to Remember fan mode.
3. Injection — Covert deception
Injection attacks are probably the worst as they are hard to detect. The spoofing algorithm is a bit trickier than in other attack scenarios. First, swindlers need to infiltrate your gadget — usually a phone — with a tempered app, code of which was modified.
The treacherous app grants remote access to the gadget’s memory, media files, internal communication channels, video signal flow, etc. Once the culprits get it, they can inject a falsified video/photo of you as a response to a challenge set by a security system.
The worst part — you won’t even notice. According to https://antispoofing.org/ anti-spoofing software Wiki, even liveness detection may not notice this. So, don’t get any apps from uncertified vendors.
4. ECG — Exploited by hacker OG’s
Heartbeat can be stolen too. We are talking about electrocardiography signals produced by your body. A smart wristwear, as most IoT gadgets, may have rudimentary protection or none at all. So, fraudsters can slash through it, intercept the cardio-vascular signals and then modify or replace them to make the system believe that it’s your heart’s cadence.
Even if you wear gloves in-doors, fingerprints can be stolen. It’s possible either via a data leak or copying them from a photo of your hands. A similar case happened to Ursula von der Leyen, when a hacker reproduced her fingerprints from a hi-def picture. You may not be a Bundesminister der Verteidigung (Secretary of defense). But try to keep your fingertips covered when being photographed.