Security Risks of Biometrics
From the BBC:
Police in Malaysia are hunting for members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system.
The car, a Mercedes S-class, was protected by a fingerprint recognition system.
What interests me about this story is the interplay between attacker and defender. The defender implements a countermeasure that causes the attacker to change his tactics. Sometimes the new tactics are more harmful, and it’s not obvious whether or not the countermeasure was worth it.
I wrote about something similar in Beyond Fear (p. 113):
Someone might think: “I am worried about car theft, so I will buy an expensive security device that makes ignitions impossible to hot-wire.” That seems like a reasonable thought, but countries such as Russia, where these security devices are commonplace, have seen an increase in carjackings. A carjacking puts the driver at a much greater risk; here the security countermeasure has caused the weakest link to move from the ignition switch to the driver. Total car thefts may have declined, but drivers’ safety did, too.
Israel Torres • April 1, 2005 9:30 AM
this type of physical security only forces the attacker to rethink their strategy. Do they:
a. go for the lower hanging fruit?
b. change their attack?
If they really want to get something they will. For example if they are disregarding lower hanging fruit the defender is SOL.
As for the defender… here is a little advice: don’t carry a firearm if you aren’t wearing a vest.
(Something you often see generic bank security guards carrying and not wearing a vest- and sometimes they aren’t even real firearms… which is even worse… )
Israel Torres