As we look at the world around us, it certainly seems that every aspect of it is being digitalized.
While I am fully aware of the immense positive impact of digitalization, I find myself often wondering if we, as customers, fully understand the implications of the solutions and technologies we so readily adopt and use as part of our daily lives:
Biometric authentication: Instead of using passwords that are difficult to remember, many of us are happy to use fingerprint or face recognition as an alternative authentication modality, in order to log in to our phones and/or online bank accounts. However, all security experts will tell you that biometrics can be defeated by a simple presentation attack: an adversary can find an image of a user which shows their face or fingerprint, and print it as either a 2D paper image, or a more sophisticated 3D one. The attacker can then simply hold the image in front of the phone camera, and fool it into believing it is the legitimate user’s face, or fingerprint. But are we aware of such a risk when we voluntarily share our images on social media? And can we take back or delete our digital history when we need to?
DNA test: Millions of consumers have already given up their DNA information to companies such as Ancestry.com. And why wouldn’t they? Such companies use our DNA to tell us exciting stories about where our ancestors came from, as well as connect us with relatives we didn’t even know existed. However, would we still share our DNA if we knew that it can be weaponized against us? A simple attack would be to target us with food allergies that the tests reveal. More alarmingly, DNA testing is still in its infancy, and nobody fully comprehends the extent of the sensitive information these companies will be able to deduce from it in the future.
TSA travel bags: The TSA (Transportation Security Administration) promised travellers all over the world that TSA-approved travel bags can exclusively be opened by the American customs. This security claim collapsed when an innocent documentary which showcased these travel bags also showed an image of the 7 TSA master keys. A hacker watching this documentary from the comfort of his own home in France quickly realized that he could zoom in on the picture of the keys, and reproduce them using a 3D printer. Today, duplicates of these keys are sold online for as little as 5 euros, compromising the security of 3 million travel bags.
The above examples, and many more, clearly show the complexity of assessing the implications of digitalization for both consumers and business entities. Indeed, not everything that can be digitized should be digitized... until we reasonably comprehend its societal impact on individuals’ privacy and safety.
Within my own industry, Fintech, I can’t help but wonder how such complexity can be efficiently captured and evaluated. This question is very timely for the banking sector, since it is undergoing radical changes due to the advent of PSD2, which is opening customers’ data to various third-party entities. Authentication, for instance, is an important piece of this puzzle, and it is imperative that we get it right.
Is technology a double-edged sword?