Have you been hacked yet?
If you said no, you're one of the few left standing. Nearly three of every four Americans have been the victim of cybercrimes, which may include viruses, credit card fraud, and identity theft. Nine out of 10 companies have had their computer systems breached in the past year. Small wonder, then, that digital destruction is now more threatening than terrorism. The more statistics you see, the worse the problem seems.
Many times, hackers don't even need your passwords. A shocking Wired article published earlier this month revealed how little effort it really takes to break into your most valued online spaces. Apple's (Nasdaq: AAPL ) security countermeasures require little more than the last four digits of your credit card. Your Amazon.com account displays these vital digits to anyone who can get past customer service -- made possible with information the hackers may very well have from their initial prodding of your Apple account. Overworked and underpaid customer-support representatives are often more interested in processing a call quickly than in determining its legitimacy.
If your digital life is linked together closely enough, the entire house of cards could be flattened in less than an hour. Family photos, email histories, business invoices, creative work, and all your connections -- it could all be gone before you wake up. But the solution may be closer than you think.
Your body and the markers that make it unique could soon become a standard security measure for all manner of access, from digital shopping carts to cloud-based storage. Using your unique bodily "signature," so to speak, is called biometrics. There's no need to remember any 13-character passwords that resemble cartoon curse words. Just wave your hand over a scanner, look into a camera, or say your name, and highly sensitive devices can identify you in ways that can't be hacked quite so easily.
At least that's what cybersecurity experts hope. Nothing is perfect -- even your biometric identifiers can be "hacked," as I'll explain. But as these systems continue to develop, they may be the best defense you'll have against increasingly sophisticated efforts to invade your digital life.
Raise your voice
Voiceprint identification, or speaker authentication if you prefer, has a long and storied history in film, but it isn't quite as popular in the mass market. But voice control, which simply needs to interpret your commands, is by now well known.
The gap between voice control and voiceprint identification is narrow. Siri, Apple's voice-activated assistant, has by now collected millions of users' voices on its processing servers, one necessary prerequisite for accurate identification systems. That remote hosting has led large companies, among them IBM (NYSE: IBM ) , to ban Siri among its employees, for fear that unique identifiers might be used to pinpoint key users and extract private corporate information from their commands. But identifying users by unique voiceprints would also help Siri provide more tailored responses.
While many large software companies are working on their own voice-control systems, the industry leader thus far is Nuance Communications (Nasdaq: NUAN ) , the speech analytics company behind Siri. Nuance has its own voice-recognition initiatives, including a frequent-flier program for US Airways (NYSE: LCC ) that acts as a concierge of sorts named "Wally." The program can identify US Airways' best customers by their unique voiceprints, providing a level of service that's allowed the airline to reduce customer-support staff by the hundreds.
As voice control becomes a common way to interact with your devices, it makes sense that voiceprint identification will become more common as well. The greatest risk of this sort of security, at present, may be that a truly dedicated hacker might be able to find and exploit your voice to embarrass or discredit you. The Federal Trade Commission's Bureau of Consumer Protection has voiced its concerns and may step in if software companies appear to be playing fast and loose with users' voice data.
The eyes have it
Retinal (or iris) identification is also a common sci-fi trope, but it has less publicly traded support. A number of private companies offer this sort of biometric security, but few publicly traded companies have thrown their weight behind it as they have with fingerprint or handprint identification, which I'll look at in a moment.
Iris identification has a wealth of research behind it, including an Iris Exchange established by the U.S. National Institute of Standards and Technology. The agency compared 92 different iris-recognition programs from nine different companies -- 3M's (NYSE: MMM ) Cogent subsidiary is the only publicly traded one of the bunch -- and found that accuracy ranged from 90% to 99%. If a 1-in-10 error rate isn't worrisome enough, iris scanners can be tricked.
It doesn't take anything nearly as gruesome as Minority Report's eye-replacement surgery to fool current systems. Security researchers revealed last month that artificial iris "codes" can be created that mimic the iris structures of real people. These digital re-creations fooled a commercial iris-recognition system at least half the time, using nothing more than good-quality color printers to print out the fake eye patterns. Better systems will help foil this hack, but its existence shows that nothing is truly foolproof or hack-proof.
Fingerprint biometric systems are better established than the others, and a host of companies have developed scanners or identification tools to make use of your unique hand-based identifying marks. Let's run through a few:
- IBM and Computer Sciences signed a 10-year, $971 million contract with the U.K. in 2009 to develop its National Identity Service's new passport biometrics. The initiative adds both fingerprint and facial biometrics to chips embedded in all passports issued after 2010.
- Ingersoll-Rand's Schlage subsidiary provides hand-geometry readers to several highly trafficked airports, including San Francisco International and Israel's Ben Gurion airport.
- Hitachi and Fujitsu have provided more than 80,000 ATMs in Japan with hand-reading biometric verification systems. The systems work so well that banks in Brazil, Poland, and Turkey are now adding them to their ATMs as well.
- 3M's Cogent has processed more than 1.5 million applicants to the U.K. Post Office, adding fingerprint biometrics to vehicle licenses and Border Agency visa applications.
- Apple bought fingerprint biometrics company AuthenTec last month, which may point to fingerprint identification access for future iPhone users.
The United States has been using fingerprint biometrics in its visas since 2002, and fingerprinting is one of law enforcement's most common identification tools. But these systems can be gamed relatively easily. Picking up grease, grime, newsprint, or other gunk on your fingers as you go through your day can be enough to change your unique biometric identifiers when run through a scanner. A committed "hacker" can also fake fingerprints by extracting them from a clean, flat surface, such as a mobile phone's screen. Sure, it's harder than simply taking your password, but it's hardly impossible.
Play it safe
No system is perfect, but storing your login information in your own body should represent a step up in security from alphanumeric passwords. These biometric systems are certain to spread in the future, and you may even find yourself logging into your devices with a touch of your thumb and a few spoken words. Does that thought make you feel safer? Whatever your reaction, let me know with a comment.
If you'd like to stay informed of Apple's cybersecurity efforts, the Fool's new premium research service will keep you covered. You'll get free regular updates on everything Apple for a full year, for less than the cost of one trade's fees -- get all the information you need.