The FBI made headlines this week with a Private Industry Notice warning partners in the private sector about sophisticated hacks of MFA security systems, and BIO-key is celebrating the Bureau’s recommendations regarding biometric security.
The FBI’s alarm over the issue appears to stem from hacking incidents cited in the FBI’s Internet Crime Complaint Center. These instances saw hackers overcome MFA systems through the use of techniques and tools such as social engineering, SIM swapping, and technical attacks aimed at flaws in browser-based security. In one instance, for example, a hacker entered a manipulated URL strong on a bank’s login page in order to fool the browser into recognizing his as an authorized computer, allowing access to actual bank account services such as wire transfers.
This isn’t to say that multi-factor authentication is now outdated; indeed, the FBI’s notice takes care to assert that MFA “continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.” To that end, the agency recommends that organizations embrace the use of security systems incorporating “biometrics or behavioral information—such as time of day, geolocation, or IP address.”
This, of course, is what many security experts have been saying for years now – including BIO-key, the provider of fingerprint readers that can be plugged into a computer or laptop’s USB port, among other solutions. In a statement applauding the FBI’s recommendation, the company noted that the FBI’s Private Industry Notification represents the first time that the law enforcement agency has expanded on an initial formal endorsement of MFA security issued in 2015.
“The FBI’s report and recommendation is so powerful because it comes from their unique vantage point from the front lines, fighting cybercrime and investigating real breaches, not from an ivory tower or hardware token industry standards group,” commented BIO-key Strategy and Compliance VP Jim Sullivan. “The FBI has one goal, which is the prevention of cybercrime, and that makes them a very credible source.”
For its part, BIO-key enjoys a high degree of credibility as a solutions provider. The company has seen its biometric authentication solutions deployed across a range of sectors including government and law enforcement, and CEO Mike DePasquale has been upbeat in noting increasing market interest in his firm’s biometric solutions – which may reflect a larger trend as more companies and government entities recognize the advantages of biometric security.
October 10, 2019 – by Alex Perala