By Steve Ranger
Friday, July 21 2006 11:09 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,39376855,00.htm

Watch where you leave your fingerprints--soon they could be the target of thieves looking to break into your bank account.

Although biometric security systems--using fingerprints, iris scans and facial recognition--are only just now entering the mainstream, they are likely to be common within a few years.

And as soon as biometrics begin to be used to protect bank accounts or benefit systems, crooks will start looking at ways of breaking into them, according to Bori Toth, biometric research and advisory lead at Deloitte & Touche.

Biometric spoofing is a "growing concern", she said.

Toth told silicon.com: "We are leaving our prints everywhere so the chance of someone lifting them and copying them is real.

"Currently it's only researchers that are doing spoofing and copying. It's not a mainstream activity--but it will be. It's just human nature; if it can be done it will be done if you can achieve some benefit from it."

Different biometrics may be attacked in different ways. For example, researchers have proved in the past it is possible to trick fingerprint systems with fake fingers made of gelatine.

Similarly, would-be thieves could try to spoof facial recognition systems with photos, videos or facial disguises in order to get access to the systems or information they protect.

Part of the problem is that many of the biometrics used by these systems are easily visible.

Toth warned: "Many people are trying to regard biometrics as secret but they aren't. Our faces and irises are visible and our voices are being recorded. Fingerprints and DNA are left everywhere we go and it's been proved that these are real threats."

In response vendors are building tighter security into their biometric systems--for example to check that a finger has a pulse, or that a real iris is being presented rather than a photo.

Steve Ranger of Silicon.com reported from London.