Fingerprint hacking - is this a project management concern?

Save for later

Favourite

Cybersecurity, hacking, black hat activities. It's been all over the news lately and many large organisations – such as the credit firm Equifax, and Uber – have been affected heavily including their large customer base. The end result? Often huge financial losses for the company and identity messes and possibly even financial injury for many of the customers who's records were affected and used inappropriately. We can do a better job of risk planning and hope to avoid or more readily mitigate – rather than just react – to such illicit activity when it happens. And we should. But the bottom line is that hackers are always going to find a way, and they are always one step ahead of us - we often just don't know it yet and aren't expecting it. It happens with deadly terrorist attacks and it happens with hacker attacks just the same.

But now here is a concept that I hadn't really considered before... something I hadn’t previously considered and probably why I should stay away from digital security conferences and reading related documents - the hacking of fingerprint databases. Passwords, credit cards and even identities can be fixed or changed or re-issued. But fingerprints are for a lifetime. You can’t change those. You can remove them…ouch. But you can’t get new ones. And guess what? Fingerprint authentication as a security measure is growing. it’s not just a futuristic “Mission: Impossible” gimmick anymore. It’s on your laptop and your smartphone and your tablet.

The good news is – the usage right now is small and it’s on your personal device. It’s being authenticated on your device, not across the internet. The bad news is – usage is growing and devices can be hacked. And there are central uses that are part of cyber security:

  • Banking
  • Mobile devices
  • Building security

What does this mean to project managers and IT professionals? I’m not sure because it had not struck me till now. But while attending the annual Black Hat conference in Las Vegas there was a briefing about it titled, “Fingerprints on Mobile Devices: Abusing and Leaking”, by Yulong Zhang & Tao Wei. I guess you might say it opened my eyes a bit. Not to the usage, but to the potential long term security threat if a fingerprint database is breached. This wouldn’t be like Equifax or Target or Wells Fargo getting their account number databases hacked. This would be a bigger issue. My fingerprints are on file for previous FBI security clearances as well as adoption background checks and gaming/hospitality sheriff cards.

Now, rest assured, someone stealing a database from your bank or government agency that has your fingerprint in it probably isn’t going to harm you too much – if at all. At least not now because what would they do with it? Frame you in a big art theft jewelery heist? That only happens in something like a James Bond movie right now. But as the uses for fingerprint authentication grow – and I’m not sure what those would be (use your imagination) - it could cause problems for the general using public.

Summary / call for feedback

As we think of this in terms of projects and IT security, we will need to be aware of the potential for this type of hack if fingerprint security is part of our project solution access or login measure. If not, don’t worry. But the future changes. When I was a COBOL developer in the 80’s no one was concerned about two-digit year codes and what that might mean when the clocks turned from 1999 to 2000. And we were only 15 years away from that near disaster at the time. Talk about being short-sighted for some measly disk space!

How about our readers? What’s your take on this? Have you worked a project where ID access / authentication was fingerprint-based? If you haven’t yet, and you manage projects much longer with any type of security tied to it, you’re going to run across fingerprint authentication sooner or later.

Brad Egeland

Posted by Brad Egeland on 24th Nov 2017

About the Author

Brad Egeland is a Business Solution Designer and IT/PM consultant and author with over 25 years of software development, management, and project management experience leading initiatives in manufacturing, Government contracting, creative design, gaming and hospitality, retail operations, aviation and airline, pharmaceutical, start-ups, healthcare, higher education, non-profit, high-tech, engineering and general IT.

He has authored more than 6,000 expert project management, best practices and business strategy articles, eBooks and videos. Brad is married, a father of 11, and living in sunny Las Vegas, NV. Visit Brad's website at http://www.bradegeland.com/

Comments on this site are moderated. Please allow up to 24 hours for your comment to be published on this site. Thank you for adding your comment.
{{comments.length}}CommentComments
{{item.AuthorName}}

{{item.AuthorName}} {{item.AuthorName}} says on {{item.DateFormattedString}}:

Share this page

Login or Register to leave a comment:

Recommended blogs

3D mobile mapping: changing the PM landscape

20 September 2017

Whether PMs require the ability to record and assess a building undergoing redevelopment, construction progress monitoring or even demolition planning – handheld mobile mapping devices are increasingly the go-to tools for all stages of an asset’s lifecycle.

Save for later

Favourite

Here come the robots to do our job?

28 September 2017

In the slew of stories and news on the transformation that technology is likely to make to our lives there has been a strong flavour of fear, or at least foreboding, about how robotics could cut a swathe through traditional jobs.

Save for later

Favourite

Recommended news

Event

How can we improve?

6 February 2018

Thinktank report shines a light on how we can improve infrastructure projects.

Save for later

Favourite

Save for later

Favourite

Join APM

Sign up to the APM Newsletter.