Kaspersky Lab reveals how criminals could exploit biometric ATM authentication


Researchers at Kaspersky Lab have investigated how cybercriminals could exploit new biometric ATM authentication technologies to steal the fingerprint data of banking customers.

While many financial organizations consider these emerging biometric-based ATM solutions to improve security over current authentication methods, cybercriminals can potentially use biometrics to steal sensitive information.

In its investigation into these underground cybercrime practices, Kaspersky Lab researchers found that there are already at least 12 sellers offering skimmers capable of stealing victims’ fingerprints.

At least three of these underground sellers are currently researching devices that could illegally obtain data from palm vein and iris recognition systems.

The first wave of biometric skimmers was observed in “presale testing” in September 2015, in which the developers of these skimmers discovered several bugs.

Developers found that the main issue related to the use of GSM modules for biometric data transfer, which were too slow to transfer the large volume of data obtained.

As a result, new versions of the biometric skimmers will use different, faster data transfer technologies.


“The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image,” said Olga Kochetova, security expert, Kaspersky Lab. “Thus, if your data is compromised once, it won’t be safe to use that authentication method again.

“That is why it is extremely important to keep such data secure and transmit it in a secure way. Biometric data is also recorded in modern passports – called e-passports – and visas. So, if an attacker steals an e-passport, they don’t just possess the document, but also that person’s biometric data. They have stolen a person’s identity.”

There have also been ongoing discussions in underground communities regarding the development of mobile applications in which attackers exploit the victim’s photo posted on social media and use it to dupe a facial recognition system.

In addition to these biometric ATM theft tools, Kaspersky Lab researchers reveal that hackers will continue to perform malware-based attacks, blackbox attacks and network attacks to compromise data that can later be used to steal money from banks and its customers.

Securelist.com offers a full threat overview report regarding upcoming cyberthreats to cash machines and safety tactics that can be deployed to protect banks from these threats.

Additionally, there are a number of videos demonstrating the various attack vectors against ATMs.

Previously reported, WISeKey International Holding Ltd released WISeID 6, an updated edition of its personal data and identity protection application that is now integrated with BlockChain technology. – Biometric Update

Share on Google Plus

About Webber

I am among of the writers and administrators of this web site. I always on the heads up when it comes to Sports, Politics, Economy, Business, Physics, Mathematics, Technology, computers and NEWS all over the world that triggers ny eyes and interests. I am working as a volunteer with other 14 administrators, researchers, writers and contributors. We are a strong solid team. Join us and be among of the contributor with your name on each posted article.

    Anonymous or Google Comment
    Facebook Comment



Investment Recommendation: Bitcoin Investments

Live trading with Bitcoin through ETORO Trading platform would allow you to grow your $100 to $1,000 Dollars or more in just a day. Just learn how to trade and enjoy the windfall of profits. Take note, Bitcoin is more expensive than Gold now.

Where to buy Bitcoins?

For Philippine customers: You could buy Bitcoin Online at Coins.ph
For outside the Philippines customers  may buy Bitcoins online at Coinbase.com