1

I provided my identity using biometrics for getting a SIM card. Is it possible for this Point-of-Sale guy to save my data and use it later for getting some more SIM cards without my knowledge?

If yes, please explain how it is done.

schroeder

1 Answer

2

Biometrics is just data. Yes, it is possible to take captured biometric data and 'replay' it back into the system. BUT, the more important question is how the system protects against this. This is a known problem with multiple ways of combating it.

So, yes, it is possible but only if the system is so poorly designed that one would have to question the system's validity at performing core principles.

schroeder
  • "only if the system is so poorly designed" -> that's all of them, right now, for almost every biometric aside from vein pattern and retina scans (simply because there's no easy way to build a physical model of those). I've done work and research in the biometric space and while the better systems do attempt to do proof-of-life detection, they still get fooled by very simple tricks (e.g. placing a contact lens over a picture of someone's iris taken at a distance with a DSLR camera) – Polynomial Oct 12 '17 at 13:01
  • 1
    @Polynomial I'm not talking about proof-of-life: I'm talking about data replay. Copying biology is different from saving biometric data because the data is a representation that's been translated for the purposes of comparison. – schroeder Oct 12 '17 at 13:03
  • 1
    Ah, sorry, I misunderstood - yes, systems that allow you to inject raw biometric data via an API rather than using the legitimate capture device are very poor indeed. I was thinking you meant replay in terms of capturing a biometric image and then replaying it to a sensor. – Polynomial Oct 12 '17 at 13:05
  • Thanks for the reply @Schroeder. Basic security is ensured with OTP (One Time Password). At times the compromised mobile has a chance. – Rama Krishna Majety Oct 15 '17 at 05:31
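
One way a back end can refuse replayed biometric data, as an added example that is not part of the original thread or any real SIM registration system: each capture is bound to a fresh server nonce and authenticated by a key held inside the capture device. The class, function, device and key names are hypothetical, and the sample template in the test is constructed.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 60  # assumed freshness window for one capture


def sign_capture(device_key, nonce, template):
    """Runs inside the sensor: MAC over the server nonce and the template hash."""
    msg = nonce + hashlib.sha256(template).digest()
    return hmac.new(device_key, msg, hashlib.sha256).digest()


class EnrollmentServer:
    """Hypothetical back end that receives captures from point-of-sale sensors."""

    def __init__(self, device_keys):
        self._device_keys = device_keys  # device_id -> key provisioned in the sensor
        self._pending = {}               # nonce -> (device_id, issue time)

    def issue_challenge(self, device_id, now=None):
        """Hand the capture device a fresh, single-use 16-byte nonce."""
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (device_id, time.time() if now is None else now)
        return nonce

    def verify_capture(self, device_id, nonce, template, tag, now=None):
        """Accept a capture only if it is bound to an unused, fresh nonce."""
        now = time.time() if now is None else now
        issued = self._pending.pop(nonce, None)  # pop: a nonce works only once
        if issued is None:
            return "rejected: unknown or already used nonce"
        if issued[0] != device_id:
            return "rejected: nonce issued to another device"
        if now - issued[1] > NONCE_TTL_SECONDS:
            return "rejected: nonce expired"
        key = self._device_keys.get(device_id)
        if key is None:
            return "rejected: unknown device"
        expected = sign_capture(key, nonce, template)
        # Constant-time comparison of the device's MAC with the expected one.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad device signature"
        return "accepted"
```

This addresses only replay of stored data and holds only while the device key cannot be read out of the sensor by its operator; presenting a physical copy to the sensor, as discussed in the comments, is a separate problem.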