Traditional passwords are now a weak point, as data leaks happen quite often. More and more companies are deciding to change their approach and adopt biometrics. However, no one is immune to identity theft, and there have already been several actual cases of biometric data being lost.
To raise awareness of the topic and show that such data requires strong security regulations, cybersecurity company Kaspersky has identified several dangers of unsecured biometric data:
- Stranger-danger. To set up face or touch recognition, the system usually requires one sample of a finger or a face. Hence, a user can fail authorisation because of lighting conditions or changes in their appearance such as glasses, beards, make-up or ageing. Conversely, it allows cybercriminals to steal this sample and use it for their own malicious aims.
- A password for a lifetime. It is not a problem to change a password consisting of numbers and letters, but once you lose your biometric data, you lose it forever. The problem with touch recognition can partially be solved by using only 2-4 fingerprints and keeping the others for emergency cases, but it is still not safe enough.
- A digital locker. Existing "digital lockers" rely on cloud-based help: biometric matching usually happens on the server side. If the match is successful, the server provides the decryption key to the client. That increases the risk of a massive data leak, as a server hack might lead to biometric data being compromised.
- Biometrics in real life. There are two cases in which an ordinary person can encounter biometric authentication. Firstly, banks are trying to adopt palm scans on ATMs as well as voice authentication on phone-based service desks. Secondly, individual electronic devices use touch and face recognition. However, biometric security is not yet fully developed, and there are constraints such as CPU power, sensor price and physical dimensions, so some users have to sacrifice system robustness: some devices can be fooled by a wet piece of paper with fingerprints generated using an ordinary printer, or by a gelatin cast.
To secure biometric data, Kaspersky has recommended:
- employing stringent security measures against breaches of traditional logins;
- for businesses, improving ATM design so as to prevent the installation of skimmers, or establishing control over the security of ATM hardware and software.
As for biometric identification technology in general, Kaspersky has recommended that, for now, it should be used as a secondary protection method that complements other security measures, but does not replace them completely.
SA’s Internet goes down again
South Africa is about to experience a small repeat of the lower speeds and loss of Internet connectivity suffered in January, thanks to a new undersea cable break, writes BRYAN TURNER.
Internet service provider Afrihost has notified customers that there are major outages across all South African Internet Service Providers (ISPs), as a result of a break in the WACS undersea cable between Portugal and England.
The cause of the cable break is unclear. It marks the second major breakage event along the West African Internet sea cables this year, and comes at the worst possible time: as South Africans grow heavily dependent on their Internet connections during the COVID-19 lockdown.
As a result of the break, international websites and services, which include VPNs (virtual private networks), may be affected by latency – decreased speeds and slower response times.
WACS runs from Yzerfontein in the Western Cape, up the West Coast of Africa, and terminates in the United Kingdom. It makes a stop in Portugal before it reaches the UK, and the breakage is reportedly somewhere between these two countries.
The cable is owned in portions by several companies, and the portion where the breakage has occurred belongs to Tata Communications.
The alternate routes are:
- SAT3, which runs from Melkbosstrand, also in the Western Cape, up the West Coast and terminates in Portugal and Spain. This cable runs nearly parallel to WACS and has less Internet capacity than WACS.
- ACE (Africa Coast to Europe), which also runs up the West Coast.
- The SEACOM cable runs from South Africa, up the East Coast of Africa, terminating in both London and Dubai.
- The EASSy cable also runs from South Africa, up the East Coast, terminating in Sudan, from where it connects to other cables.
The routes most ISPs in South Africa use are WACS and SAT3, due to cost reasons.
The impact will not be as severe as in January, though. All international traffic is being redirected via alternative cable routes. This may be a viable method for connecting users to the Internet, but might not be suitable for latency-sensitive applications like international video conferencing.
SA cellphones to be tracked to fight coronavirus
Several countries are tracking cellphones to understand who may have been exposed to coronavirus-infected people. South Africa is about to follow suit, writes BRYAN TURNER.
From Israel to South Korea, governments and cell networks have been implementing measures to trace the cellphones of coronavirus-infected citizens, and those they have been around. The mechanisms countries have used have varied.
In Iran, citizens were encouraged to download an app that claimed to diagnose COVID-19 with a series of yes or no questions. The app also tracked real-time location with a very high level of accuracy, provided by the GPS sensor.
In Germany, all cellphones on Deutsche Telekom are being tracked through cell tower connections, providing a much coarser location, but a less invasive method of tracking. The data is being handled by the Robert Koch Institute, the German version of the US Centers for Disease Control and Prevention.
In Taiwan, those quarantined at home are tracked via an “electronic fence”, which determines if users leave their homes.
In South Africa, preparations have started to track cellphones based on cell tower connections. The choice of this method is understandable, as many South Africans may either feel an app is too intrusive to have installed, or may not have the data to install the app. This method also allows more cellphones, including basic feature phones, to be tracked.
This means that users can be tracked on a fairly anonymised basis, because these locations can be accurate to about 2 square kilometers. Clearly, this method of tracking is not meant to monitor individual movements, but rather to gain a sense of who has been around which general area.
This data could be used to find lockdown violators, if one considers that a phone connecting in Hillbrow for the first 11 days of lockdown, and then connecting in Morningside for the next 5, likely indicates a person has moved for an extended period of time.
Communications minister Stella Ndabeni-Abrahams said that South African network providers have agreed to provide government with location data to help fight COVID-19.
Details on how the data will be used, and what it will be used to determine, are still unclear.