Can Your Face DigitalSignature Be Hacked On Facebook?

Face recognition is fast becoming popular for login authentication and generate credentials as for retailers as a means of payment like Apple has embraced it in its iPhone models.

Facial recognition is a way to verify a person’s identity from a digital image using facial features that are stored in a database. With phone cameras providing an easy setup for digital face recognition, many users are also embracing the technology. Still others are busy trying to hack the system with some claiming success.

The technical name is biometric authentication. Simply put, a Phone owner can unlock his phone and make a payment with his face. It’s a somewhat novel idea, but as is predictable, hackers are finding ways to take the fun out of it.

About 81% of confirmed data breaches in the Accommodations industry involved stolen credentials

For the time being, consider whether or not you want to use these biometric features to pay for products and services. No matter what you choose, you will be giving up some type of data. If you pay by payment card, you provide your card number, name, and other information that can be used to make purchases. The difference is that you can get a new payment card if it’s used for fraud. It’s not so easy to get a new face or fingerprint. Last week a new Facebook challenge went viral asking users to post a photo from 10 years ago and one from today captioning “how did aging effect you?” Now being called the “#10YearChallenge” Over 5.2 million, including many celebrities, participating in this challenge giving away your privacy and future authentication keys.

When Apple launched the iPhone X, they claimed the security of Face ID was a 1 in 1,000,000 chance of someone hacking your face. Compare that to the claim of 1 in 50,000 chance of having your fingerprint duplicated, a technology Apple has been successfully using since 2013. Even with those odds, security breaches are still possible.

It’s been reported that with just a look, a user’s 10-year-old son was able to unlock her device. Apple admitted there was a chance that a family member with similar facial characteristics could fool Face ID.

In another case, a group of Vietnamese hackers bent on discrediting Apple’s Face ID claim they finally hacked the system. The group used a 3-D printed mask with 2-D eyes glued on to unlock the iPhone X. From there they reset the facial recognition to register the face of one hacker and gained access to apps and Apple Pay. The total cost to the hackers was less than $200 for the entire process. Apple insists the hack was unlikely, as they had already used Hollywood studios to test the idea of mask-hacks and were successful.

It’s not the first time researchers and others have tried thwarting biometric security. Several years ago, a group of German hackers claimed to have reproduced the fingerprint of a German official by capturing a photo of the person holding up a hand. They didn’t use fancy 3-D printing technology. They used tracing paper, plastic board, graphite, and wood glue, but were successful. And shortly after the release of the Samsung Galaxy S5, researchers were able to crack the fingerprint sensor using a photo of the print.

Whether family members or hackers, there’s now a wrinkle to face recognition. Reducing risk for your smartphone is a part of responsible device ownership. What was once a new and uncharted technology eventually becomes the norm. It also gives new opportunities for hackers. Stopping short of literally keeping your device under lock and key, important decisions need to be made. Think about what option works best for you, considering convenience and a level of security or risk you’re okay with. This is especially true when there are children with devices who need to be kept safe from harm. As technology grows, so grows the risk of harm. Keeping smart and informed are the best steps toward keeping safe, no matter what the next new thing may be.

How to protect yourself and your company from get your login access hack?

Enable a CULTURE OF MULTI-FACTOR Authentication.

Start using a Password manager and activate 2FA (two-factor authentication) for all the services you use. Some two-factor solutions rely on shared secrets to generate token numbers, which, if attackers steal, they can use the information to compromise an organization. SynerTech Duo’s two-factor solution is designed with security in mind.

We use asymmetric cryptography, keeping only the public key on our servers and storing private keys on your users’ devices in a tamper-proof secure element. Duo never stores your passwords - meaning your logins stay safe.

See More about Multi-FactorAuthentication Solutions

Our company is a leader in Network Security.

We can evaluate your current business environment and provide a complete assessment of your overall security health. Our security experts will then provide and implement a complete security plan to provide a comprehensive security solution to ensure that you have the best chance against current and future threats.

What else Can you do to be prepared?

Employee Education: CYBERSECURITY 101 It's critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific learning experience examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don’t open attachments, if you see something, say something, etc.) see CYBERSECURITY 101 training program below

Security: Antivirus software is essential for any business to protect against ransomware and other risks. Ensure your security software is up to date to protect against newly identified threats. Keep all business applications patched and updated to minimize vulnerabilities.

Backup: Modern total data protection solutions take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean and the malware can’t be triggered again.

EmailSecurity: Use a real Cloud-based email security platform, a robust, secure, and legally compliant email encryption.

Quarterly Network Security Assessments: Do a security audit every quarter or half yearly, depending on your need. Did you know that most security vulnerabilities occur inside a business, behind the firewall? In fact, more than 70% of all cyber security incidents today are the result of INTERNAL security issues that no firewall, anti-virus or malware device could have prevented. schedule yours now.