Biometric smartphones vulnerable to cyber fraud & targeted ads

28 Nov, 2014 13:06 / Updated 10 years ago

An ex-GCHQ chief says he has serious security concerns regarding the use of biometric data in smartphone devices like Apple’s iPhone 6, warning users they could be vulnerable to cyber criminality and targeted advertising.

Sir John Ayde headed Britain’s government spy base GCHQ between 1989 and 1996, and now acts as chair of a firm developing biometric technology for identity recognition.

While he acknowledges the deployment of biometrics in smart phones is a progressive step, Ayde warns that little is precisely known about what happens to individuals’ data.

Speaking to the Commons Science and Technology Select Committee on Thursday, Ayde said electronic monitoring with respect to credit or debit cards is supervised by banks in one form or another.

“But when you're using your smartphone,” he warned, “there's no physical supervision of the system.”

‘Cyber criminality & cyber fraud’

Ayde argues it is absolutely vital that robust security methods are devised to protect individuals who use phones with in-built biometric technology. He also proposes that an official “party at the other end” – be it a bank or otherwise – should monitor the process.

Of particular concern to Ayde was the Apple iPhone 6, which facilitates users in making payments and accessing other services with their fingerprint. He warns cyber criminals are highly inventive at means of stealing customers’ data, and Apple iPhone 6 smartphone users would face even greater risks if their device was lost or stolen.

Apple has defended the technology underpinning its smartphone devices. The firm claims it uses the most technologically progressive biometric fingerprint security currently available and places privacy and security at the center of its ‘Apple Pay’ system.

‘Greater need for transparency’

Speaking to MPs in the Commons, Ayde suggested more transparency is required with respect to the manner in which people’s personal data can be passed on to third parties.

The ex-GCHQ chief expressed concern that corporate firms’ use of biometric technology could result in tech firms like Google targeting advertising at smartphone users. He also asked whether sensitive personal information could be deployed by “hostile” foreign governments.

Biometric engineer Ben Fairhead was also questioned by the Commons Science and Technology Select Committee on the risks associated with biometric information. As to whether fingerprints could be faked in elaborate cyber-fraud schemes, Fairhead told Labour MP Pamela Nash there was a wealth of scientific research centered on fraud-proofing biometric technology.

The engineer said multiple means of deciphering whether a finger used for a fingerprint was real, “made of flesh,” and pulsating lightly with a blood flow, currently exist. Despite this advanced technology, however, biometrics are vulnerable to “spurious results” and cyber-criminality, he said.

With respect to cyber fraud, Fairhead warned criminals are currently adding iron filings to prosthetic fingers to replicate conductivity levels found in human skin.

MPs on the Science and Technology Select Committee called upon the Government to create and implement fresh guidelines for tech firms on how they use personal data. Should companies neglect to comply with these guidelines, the Committee warned the government would need to legislate against improper use of people’s personal information.

The Committee expressed particular concern about tech giant Facebook’s Messenger app for mobiles. Used by over 200 billion people worldwide each month, the software can currently access peoples' mobiles and tablets to take pictures or videos without explicit consent from owners.