New security measures to keep you safe from hackers

Cameras are pivotal in modern-day tech security

As hackers become more creative in their techniques, security experts are being forced to stay ahead of the game.

Updated 9 September 2016

Recent cyber-attacks on financial institutions tell us that the computing devices we rely on for work and pleasure are not as secure as they need to be. One headline in particular, where a syndicate of Russian cyber-criminals defrauded 100 banks of as much as US$1 billion, is especially alarming.

Security threats to businesses include stealing credentials by impersonating an employee; tricking employees to click on a link in an email that performs an action such as buying an item in a web browser or turning on their camera and microphone; accessing back-end parts of a website by visiting hidden, standard locations; and the classic technique of using a password-generating program to guess a login by bombarding it with millions of combinations.

The number and strength of authentication factors will depend on your activity. If you’re posting on Facebook then your computer might need a single form of identification. If you’re logging into online banking, you will be asked for more measures.

Intel has launched a security platform that uses 3D camera scanning and other biometric authentication to access online services and computing devices but it will not be an overnight sensation. 

Gary Davis, Chief Consumer Security Evangelist at Intel Security, acknowledges that it will take years before a business owner can log into their bank by blinking at their laptop.

Death of the password

Security companies are keen to tackle the greatest area of weakness, a technology invented in the 1960s – the humble password. Despite ongoing news stories about weak passwords, the 10 most popular passwords found in any data breach are reliably similar. 

The most popular is the word “password,” only recently unseated in 2013 by “123456”.The mission to replace the password has a long history. 

The most popular is the word “password,” only recently unseated in 2013 by “123456”.

Biometrics started with the fingerprint, which was supposed to put end passwords once and for all, but technical and security limitations have restricted its adoption. For example, a recent demonstration showed how to unlock an iPhone by copying a fingerprint from a glass onto a latex glove. The phone could tell that the fingerprint was attached to a human finger by the heat of the glove wearer’s hand, but it read the copy of the print instead.

Gates with many locks

Instead of a silver bullet, passwords are likely to be replaced by a combination of authentication measures, according to Davis.

“We are looking for multiple factors of authentication that allow people to do whatever they want to do,” he says.

These factors include items you carry on or near you. For example, the presence of a digital fitness band already authenticated with your phone could signal that the owner of the phone was the one using it. That same phone might also ask the user to speak a passphrase so it can analyse the audio and authenticate the voice pattern. Nearly every device carries a microphone and a camera which can be used to authenticate, Davis says.

3D cameras and facial recognition

Phone cameras are likely to include new technology that uses facial recognition to identify the owner via a technique which checks for “liveness” (Samsung, for example, has just released the Galaxy Note 7 with an iris scanner). This is where a mobile device asks the user to blink at the lens ­— something a photo held up to the camera cannot do. The next wave of laptops will include 3D cameras which can take a multi-dimensional image of a person’s head, eliminating the ability to fool the recognition software with a photo of the user.

Security companies are also looking for easier, less invasive biometric measures than retina scans, and as it turns out, a heart rate is uniquely identifiable.

“If you can come up with something that’s easy to use with your heart rate, that will provide a very high degree of certainty,” Davis says.

Intel is likely to have competition from device manufacturers themselves. Apple has already launched a mobile payments platform called Apple Pay that uses multiple factors for authentication, including passwords and fingerprints.

“If you can come up with something that’s easy to use with your heart rate, that will provide a very high degree of certainty,” Davis says.

Google is also active in e-commerce with Google Wallet, which is likely to expand through hundreds of millions of Android phones, tablets and watches.

As Google and Apple’s software appears in cars and watches, it’s possible they could decide that security is too risky [and lucrative] to share with anyone else.

Sholto Macpherson is an editor and publisher at Digitalfirst.com.


Like what you're reading? Enter your email to receive the fortnightly INTHEBLACK e-newsletter.
September 2020
September 2020

Read the September 2020 issue of INTHEBLACK in digital flipbook format.

Our new digital flipbook brings you the same quality content every month, in a new interactive and sustainable format you can enjoy on a PC, tablet or mobile.

READ FLIPBOOK