Faisal Al Bannai, the Managing Director for axiom Telecom, the region’s largest retailer and distributors for mobile devices and accessories explains how Biometrics are set to drive a significant improvement in protecting mobile phone users from a serious breach of their private or business data, with many devices currently creating an “unlocked back door” to online accounts and cloud storage
The recent International Trends in Cybersecurity Report by CompTIA found that almost 50 per cent of UAE businesses had experienced at least one IT security breach in the previous 12 months, with reliance on cloud computing and mobile technology forcing a change in security practices. Around 60 per cent reported a mobile-related security incident, including lost devices, mobile malware, phishing attacks, and staff disabling mobile devices’ security features.
The risk of criminals using a lost or stolen mobile phone to access important data is very real, with smartphones offering an instant connection to email, messaging and social networking accounts, as well as files kept in cloud storage. Your very identity is at risk of theft, yet a worrying number of users fail to activate their phone’s security features. The inconvenience of entering a PIN every time the user wants to unlock the phone is often cited as a reason for this. Using biometrics to unlock the phone can remove this inconvenience and help keep data secure, with fingerprint security already gaining acceptance.
Popularized by Apple’s TouchID feature, fingerprint recognition is now a common feature on higher-specification phones. It allows users to unlock a phone with a single touch, just as convenient as unlocking it by swiping a finger across the screen. A report from market intelligence firm Tractica has noted 2015 as being a ‘tipping point’ for mobile biometrics, with fingerprints emerging as the most common form of biometric authentication. Tractica predicts the number of mobile phones being shipped with fingerprint recognition will surpass one billion per year globally by 2021, representing 34 percent of the market.
However, the security of a fingerprint has been questioned. Traditional IT security relies on ‘something you know’, such as a password, or ‘something you have’, such as when you receive an SMS ‘token’ to complete a credit card purchase online. Biometrics are also ‘something you have’ – your fingerprint is unique, but tests have shown that fingerprint scanners can be fooled by a copy of the print – recognizing the pattern whether or not it’s attached to a finger.
The technology is getting better, but it’s not foolproof. The great benefit is for people who are currently choosing not to use any security for the phone. Even if thieves become adept at hacking fingerprints, there will at least be a delay between obtaining the phone and unlocking it, and that will give the phone’s owner some time to remotely disconnect the device from all their accounts.
For a higher level of protection, biometrics pave the way for convenient two-factor verification – you enter a PIN, using ‘something you know’ to verify your identity, and then use a fingerprint, which is ‘something you have’, to confirm that it was you who entered the code. Anyone trying to break into the phone needs to know the PIN, and also somehow obtain a copy of your fingerprint. That is going to be very difficult.
Looking to the future, the next generation of mobile biometrics is already emerging. Technology exists to support face recognition – also problematic, with a Google experiment fooled by a photograph – along with the more secure iris scan and voice recognition. Iris and voice are the most likely to gain mainstream acceptance.
Devices with iris scanners are already on the market, although they have yet to achieve widespread take-up, while voice recognition is tipped to be included in future versions of ‘intelligent personal assistant’ systems, such as Apple’s Siri, Google Now and Microsoft Cortana. A fingerprint is the most easily accepted biometric key, because it so closely replicates the way we are already accustomed to interacting with the device, but the most important aspect of fingerprint authentication may be as a step towards people accepting a range of other biometrics. Combined, these will lead to a quantum leap in terms of data security.