Biometric technology is not only abused for dramatic effect in pop culture, sometimes its absence is enough to ratchet up the stakes in our favorite forms of entertainment. Today in the Pop Cultural Identity Management blog we are going to take a look at a very recent example of how biometrics could have caught a notorious criminal in the act on NBC’s current television series Hannibal (airing Friday nights at 10PM EDT).
This is my design
Hannibal is a reimagining of the novel Red Dragon by Thomas Harris, the infamous 1981 book that introduced the world to Hannibal Lecter. Using the classic crime procedural format, special agent Will Graham enlists the help of the infamous cannibal serial killer (at this point still undiscovered as the embodiment of the devil) to recreate horrendous details of each case of the week to create a psychological profile and catch the bad guys (but not THE bad guy that gives the show its title).
(The international trailer for Hannibal season 1)
In the very first scene of the show, Will Graham is in the process of reliving a grisly home invasion perpetrated by the Red Dragon himself: Francis Dolarhyde. The details are appropriately horrific for the show’s subject matter and include something that will give biometric software providers nightmares: a successful replay attack on a home security system.
The crude art of replay attacks
When the bogeyman breaks into the house and begins his unsavory acts, the house security alarm is activated. Because the Red Dragon had previously tripped the alarm while stalking his victims and tapped their phone lines, he doesn’t only have the PIN to turn off the alarm, he has a recording of his victim using her passphrase with the remote security operator that calls to check if everything is okay.
Holding his smartphone to the security terminal the villain replays a recording of the last false alarm, including the correct passphrase, “teacup.”
This particular bit of trickery is an example of one of the most common representations of biometric spoofing in popular culture. Thanks to scenes like this, a tape recorder has become movie shorthand for a skeleton key when it comes to any sort of passphrase-based security system, biometric lock or critical call center interaction.
As I mentioned in the first of these blogs, there is nothing interesting about a locked door. Uncompromisable safety is simply not entertaining. Because of this simple fact that Hannibal benefits from one of the best writing and directing teams on television, the Red Dragon gets away with the oldest trick in the book.
Thankfully, in a real world scenario there are technologies that can protect us from the would be Red Dragons of our nightmares.
A software solution to television horror
Voice biometrics come in two flavors: active and passive. The active version is the kind that is constantly being bypassed in the media by sneaky recording devices: the end user is prompted to say a set passphrase, like “teacup,” and that is matched to a voiceprint profile. Passive voice biometrics run in the background of a call, constantly comparing the voice speaking to its biometric template.
This software is used commonly in over the phone banking, but it could easily be applied to the worst case scenario we are looking at here. If the voice being submitted is not matching up with the template (or if it is the exact same as is the case in a replay attack) then a secondary authentication factor is requested. All it takes to foil a replay attack is a question that the spoofer is not prepared for.
If we take the first scene in Hannibal and replay it ourselves with modern biometric software in place on the security providers end, things go much differently. The Red Dragon plays his recording, the operator asks for a secondary factor and doesn’t get one, prompting him to send the police right away. Francis Dolarhyde is caught and we’re robbed of the promise of any more excellent and suspenseful entertainment involving Hannibal’s second most famous source material.
There’s nothing interesting about a locked door and there’s nothing safe in the world of entertainment.
May 9, 2014 – by Peter B. Counter
Do you have a favorite instance of biometrics in pop culture you would like to see in this blog? Contact Peter B. Counter through the findBIOMETRICS about page and let him know via email.
Keep the conversation going by following findBIOMETRICS on Twitter and tweeting with the hashtag #PCIMBiometrics.