in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Biometrics And BYOD Data Security: Doctor Uses "Silicone Fingertips" To Clock-In Colleagues

You have a smartphone or a tablet (or both...and then some) and it's full of data you want to protect.  So, you turn on device encryption and secure it with a password.  But, you have too many passwords in your life and wonder whether there isn't a better method to control access to your device.  There might be, but there are limitations, as the following story shows.

According to the BBC and other sources, a doctor in Brazil was arrested "for using silicone finger tips to sign in for work for absent colleagues."  Many device manufactures are looking to include fingerprint scanners into their mobile devices, and one wonders if this is a good idea in light of the circumstances.

Punching In for Colleagues at Emergency Medical Unit

According to bbc.co.uk, a doctor in the town of Ferraz de Vasconcelos, just outside of São Paulo, Brazil, was caught clocking in for colleagues.  Of course, it's illegal, but it sounds like one of those everyday occurrences that happen once in a while all over the world; after all, we've all seen those instances in movies or in real life where a guy says "hey, I have to pick up my kid at school; I'm gonna leave 15 minutes early, could you clock out for me?"

The story in Brazil has grown into a national scandal, however, because:
  1. The doctor was caught with silicone finger tips for six colleagues;
  2. She's claiming that she was instructed to do so from higher ups; and,
  3. This is an emergency medical unit (the BBC says it's a hospital, but it's more than thant.  This Brazilian site shows it to be a "Serviço de Atendimento Móvel de Urgência" which roughly translates to "Urgent Mobile Auxiliary Service").  In other words, employees are expected to be there regardless of what happens.

Although she had six extra fingers in addition to her own, five employees have been suspended according to globo.com.

It's estimated that the town has as many as 300 civil servants who get paid for work while not showing up for work.

But, this is not proof that biometric security doesn't work.  Rather, it's proof that security requires layers (although, granted, fingerprint biometrics has a history of not working so well).

One of the reasons why fingerprints are looked at as a practical, easy alternative to passwords is that they're unique to each person and they're always "there" (assuming you don't have a physical accident).  The idea is that nobody else can use your fingerprints; hence, it's the perfect password.

On the other hand, the above story shows how easy it is to override fingerprint biometry.  It's not just silicone.  There have been successful hacks that use photocopies, gelatin, "left over fingerprints" (i.e., the fingerprint left behind from the last person who used a fingerprint scanner), and the classic case of entering premises after someone opens the door.

The trick to successfully using any type of security measure is to double-up on it.  For example, if you're employing biometric scanners, also require the use of passwords.  Lifting someone's fingerprints and getting them to spill their password is harder than either one by itself.


Related Articles and Sites:
http://www.bbc.co.uk/news/world-latin-america-21756709

 

<Previous Next>

BYOD, US Borders, Laptops, and Smartphones: Fourth Amendment Rights Coming Back Home At US Borders

BYOD Security And Reputation Damage: UK ICO Releases BYOD Guidance

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.