According to recent studies, biometric data, which should ensure safer and easier access by replacing passwords, would, on the contrary, prove to be a new risk factor.

This emerges from a study carried out by Trend Micro, which analyzed several possible scenarios in reference to accesses managed with biometric data, including the Metaverse. It appears that cybercriminals could use information from stolen biometric data to deceive the devices used for connections in the Metaverse and thus make them accessible to others. Given that these are personal physical characteristics, it is evident that they cannot be changed with the ease and speed of a compromised password, with the consequent risk of a significantly longer breach, which could have a lasting impact. In the Metaverse, users can log in using different devices, but once they are "logged in" they have the ability to access a lot of information, such as bank accounts or even sensitive company data.

If we also think of the adversarial AI techniques, which consist precisely in the attempt to deceive the automatic learning models in order to modify their behavior, we also understand how the biometric data of the Metaverse users become a privileged target of cybercriminals: we are talking about of a large volume of data such as voice, fingerprints, face profiles, eyes. With such data, a criminal mastermind really has at its disposal a large number of different illicit activities.

Biometric data under attack.

However, this is not a last-minute novelty. Already three years ago a study carried out by Kaspersky had shown that they had been particularly targeted by computer malware that were intended for processing biometric data. Almost half of the server and PC had suffered at least one attempted attack with the aim of stealing fingerprints, the iris or the voice. It was about 23 GB of data on the operators of nearly 6,000 companies. The White House also suffered the loss of millions of fingerprints years ago.
 
However, the development of vulnerabilities related to biometric data also passes through social media. Also in the Trend Micro report it turns out that it is the users themselves who share them by making them public. Videos of eye make-up techniques, for example, would expose enough iris patterns to outrun scanners. This would also happen for voice messages or with images of faces and hands. When such information is published, its dissemination is almost completely beyond personal control, and in fact it is not possible to know who comes into possession of it and with what intentions.


newsletter image