Biometric System Threats and Vulnerability

A biometric system can generally be thought of just like another information system with a few exceptions. Like any information system, biometric systems contain sensitive information that must be protected from authorized disclosure, modification or corruption.

However, unlike most other information systems, a biometric system is used to protect other systems and assets. Therefore the value of the biometric system is equal to the value of all the assets that it protects. In particular, the value of a security failure associated with the biometric system is defined as the sum of all the value associated with systems it protects. It is obvious that the level of attention to the security of a biometric system should be quite high.

It is important to understand the vulnerabilities present in biometric systems and the threats that endanger them, the typical attacks on biometric systems, steps to be taken to strengthen the security of a biometric system and the assets in the organization that such strengthening helps to protect.

Like any other technology used to protect valuable business assets, biometrics security can be relentlessly attacked until its weaknesses can be found and exploited. The biometric systems may also contain valuable information that becomes the target of attackers. Thus, it is important to understand the threats to biometric systems and the vulnerabilities those threats target before we can hope to adequately protect our assets.

It is a must that we understand the meaning of the terms threat, vulnerability and risk. Vulnerability is a weakness in a system that may permit an attacker to compromise it. Threat is a potential activity that would, if it occurred, harm a system. Risk is the potential negative impact if a harmful event were to occur. It is vital to realise that not all vulnerabilities are of the type that can be attacked or exploited by someone of malicious intent. Vulnerabilities could lead to human error, whether of omission or commission, that could result in harm to a system. For example, a computer program whose users interface is so obscure that it leads to users who select the wrong options or perform the wrong tasks, resulting in errors and mistakes. An attacker may not have intent or means to attack this kind of vulnerability, the vulnerability still exists and can still result in trouble. The interface to a biometric system may have vulnerabilities.

More information on the implementation of biometrics based solutions can be requested from