Three sneaky ways hackers break into phones

Three Sneaky Ways Hackers Break Into Phones

Here is a scary fact: According to one recent study, 47 percent of businesses that were surveyed had at least 1,000 sensitive files exposed to every employee while 22 percent of companies had 12,000 or more.

Does this sound a bit like your organization? Chances are likely that your employees have sensitive data floating around on their mobile devices, which could be easily extracted by a sophisticated hacker.

Unfortunately, smartphones are highly vulnerable to hacking. Here are three unexpected ways that a hacker could break into a mobile device and lift information for personal gain:

Number spoofing: What’s the easiest way to break into someone’s phone? As it turns out, you don’t have to breach their device at all. Now, hackers can download a spoofing or caller ID application to mask their telephone number and assume someone else’s. Hackers could use this strategy to trick employees into surrendering sensitive information via SMS.

Motion orientation sensors: Smartphones contain a major security flaw, in that mobile websites and applications do not need special permissions to access motion and orientation sensors.

As explained in Android Authority, hackers are now using device positioning and movement sensors to hack passwords. When a user taps, scrolls or presses on a screen, in other words, each movement will cause the person to hold the device a certain way and it can be easily observed by a snooping third party. This information is very valuable to a hacker. In one study, hackers were able to hack four-digit PINS with 70 percent accuracy the first time around, and 100 percent accuracy the second time.

Masterprints: Here at VoiceVault, we maintain that fingerprint sensors — though effective most of the time — should only be used in conjunction with other authentication solutions like voice biometrics. This is because they can be vulnerable to attacks. Researchers, for instance, recently discovered that smartphone fingerprint sensors could be fooled up to 65 percent of the time by “master prints” which are digitally rendered from common fingerprint readings.

So take our advice: It’s time to fortify your business’s mobile end points before one of your employees’ phones gets hacked.

Register for a FREE Developer Trial Now

Why-did-HSBC’s-Voice-ID-system-fail

Why did HSBC’s Voice ID system fail?

You may have read the news that the BBC have successfully caused HSBC’s Voice ID system, provided by another voice biometric vendor, to falsely accept the non-identical twin of an enrolled user. This occurred after the ninth attempt that the twin took to access the user’s bank account. Thus, causing the issue to be that of failing to follow best practices rather than a failing biometric element. Since all biometrics are statistical in nature, measures must be taken to ensure that the likelihood of a false accept is as low as possible. Current best practices can include account or device lock-out after multiple failures, which would have prevented the BBC’s false accept.

To further help financial organizations protect and prevent against this recent type of breach, VoiceVault is excited to share with you the upcoming release of VoiceVault Fusion 9. Version 9 of our core, proprietary, engine includes additional controls, new biometric modes, seamless integration with other authentication factors, and detailed reporting with location services. Official announcement and details forthcoming in the very near future.

In addition to staying on the forefront of voice biometric technology, we pride ourselves in working collaboratively with our clients and partners to suit each individual use case. With over 10 years of experience in the market, our team is more than happy to talk through the end-to-end statistics and recommend an array of additional methods of best practice, including the implementation of multifactor authentication.

As mentioned by a spokesperson from HSBC, since launching last year, HSBC’s Voice ID system has been successful in reducing fraud. Therefore, voice biometrics are still more secure than historic knowledge-based-authentication systems, such as passwords and PINs.

Register for a FREE Developer Trial Now

UK-Banks-It’s-Time-to-Look-Beyond-Passwords

UK Banks: It’s Time to Look Beyond Passwords

Consumer interest in biometric banking is very strong in the UK right now. According to one recent study, 56 percent of UK customers actually prefer biometrics to traditional authentication solutions like passwords — even though there is still some general confusion among customers about how biometrics work.

Another study found that British consumers are almost twice as likely to trust banks over government agencies with storing and keeping biometric data safe.

There’s just one problem:

In order for customers to move beyond passwords and use biometric technologies, banks need to provide access to them. And there are still some mixed feelings in the financial community about the role that biometrics should play in authenticating logins and transactions. Many people still believe that passwords are better for protecting consumer accounts.

Passwords vs. biometrics: The debate is on

Consumer demand has forced the conversation to move forward. Recently, the Digital Banking Club (founded by Intelligent Environments, the digital financial services providers) gathered at the Law Society, London to address the motion “This house believes the password will never be replaced by your body.”

The debate was chaired by Retail Banker International Editor and Digital Banking Club Chair, Douglas Blakey. Guest panelists from Forrester, Fujitsu and Intelligent Environments spoke for the motion, while representatives from Secco, DWC and MasterCard spoke against it.

Before the debate, 42 percent of people agreed that the password will never be replaced by the body. But after the debate, just 19 percent agreed with the motion.

Opinions about biometrics varied from expert to expert. For example, some panelists voiced concern over false acceptances (FA) and false rejects (FR) in biometric systems. There is a small risk, in other words, that a biometric solution could malfunction and grant access to an imposter or reject the right user. This problem, however, can be addressed by embedding multifactor security layers. If one layer is breached, a hacker will still have to enter further credentials.

What’s more, some technologies — like VoiceVault’s voice biometric identity verification — come with very low FA and FR rates. VoiceVault guarantees a FA rate of just 0.01 percent, and a FR rate of less than 5 percent. Not all biometric technologies will offer the same level of protection.

We can also argue that false acceptances and rejects happen all the time with passwords when accounts get hacked, or locked.

Will we ever see beyond passwords?

It largely depends on who you ask. Some of the panel at the Digital Banking Club debate, believe that while biometrics will be popular, passwords will never be completely replaced. However, other panelists argued biometrics will eventually replace passwords, but in time.

One panelist likened favoring passwords over biometrics to favoring a horse and cart over a car. The technology is outdated, inefficient and insecure. The same panelist mentioned a study from the Netherlands, conducted by Mastercard, where nine out of 10 participants indicated they would like to replace their passwords with biometrics. And almost 75 percent of users are convinced that biometric security will decrease fraud.

What was interesting is that every single panel member used their iPhone fingerprint scanners to access their debate notes on the podium…

So, should your bank abandon passwords right now?

For now, you don’t have to worry about replacing passwords altogether. But you can look beyond passwords and start  phasing them out with biometrics, which can coexist nicely with passwords.

Your best bet is to give customers a variety of different security options, and let them choose the ones they are most comfortable with. If you try to force any technologies on them, you are liable to experience negative blowback.

View highlights of the debate below:

06.04.17 The Digital Banking Club Live Debate from Intelligent Environments on Vimeo.

 

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store

Avoid-Sacrificing-Speed-for-Security-with-Voice-Biometrics

Avoid Sacrificing Speed for Security with Voice Biometrics

As a contact center administrator, you’re seeking a voice biometric identity verification solution that will enable a secure, but convenient, phone-based login experience for your customers.

This is very important, as you don’t want to implement security with voice biometrics that customers will have a hard time using. This could result in a low user adoption rate.

As such, you have a tough decision to make: Should you opt for active or passive voice biometrics?

Active voice biometric authentication would require an end user to submit a correct voice sample every time he or she dials into the contact center. This is done by speaking a short phrase into the microphone.

Conversely, a passive system would require a customer to submit a single voiceprint during enrollment. No further samples would need to be given for subsequent logins, as the computer would naturally scan the user’s voice during a normal conversation with an agent. This type of enrollment takes about 45 seconds for the customer.

So, which is the better solution? The short answer is that it depends on your business’s needs. You can make a case for both kinds. But if there’s one thing you don’t want to base your security with voice biometrics decision on, it’s time savings.

Many people, in other words, think that passive authentication systems will lead to higher adoption rates because it saves the user time during the identity verification process. The truth, though, is that the difference between active and passive authentication comes down to just a few seconds. And most customers will dial into the contact center sporadically. It’s not usually an everyday task, and so a few seconds probably won’t be enough to annoy a customer.

To learn more information about VoiceVault’s solutions for contact centers, click here.

 

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store

Facebook Announces Plan to Retire Passwords

Facebook Announces Plan to Retire Passwords

Facebook made several exciting announcements at its recent F8 developer conference. There was the launch of Facebook Spaces, talk of augmented reality and some exciting new features for Messenger.

Our favorite announcement, though, came when Facebook announced a roadmap to transition users away from passwords.

The plan is not going to happen overnight, but Facebook has already started the process. At F8, the company launched a closed beta version of Delegated Account Recovery, which will provide login assistance for users on affiliated third party websites. This program will allow Facebook to act as a backup security key when users cannot access their accounts. Users who forget their passwords for other sites will be able to use knowledge-based questions (like photo recognition) to recover their accounts.

The goal is to limit the amount of personally-identifiable information that users have to distribute when logging into accounts.

“We want to make sure we can let you use [identifying] information to keep yourself secure, but not have to trade your privacy,” state Facebook security engineer Brad Hill. “Right now you tell your mother’s maiden name to 500 different places and if any one of them gets hacked, then you’re vulnerable everywhere.”

As of right now, developers must apply to use Facebook’s technology, but eventually it will be open-sourced.

Since the program is still in its beta version, that means there is plenty of room for growth and innovation. One way that Facebook can make this service even better is to add a voice biometric identity verification component. Voice authentication is one of the most convenient —and secure — ways to authenticate an end user.

Why not try the technology for yourself? To learn more about VoiceVault’s free trial for developers, click here. A free demo app is available here.

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store

Scientists-Unveil-New-‘Lip-Password’-Technology

Scientists Recently Unveil New ‘Lip Password’ Technology

A group of researchers at Hong Kong Baptist University have recently created a new biometric identity verification solution that is capable of identifying a user by the motion of his or her lips.

The solution, which is currently being referred to as a “lip motion password,” requires an end user to speak a unique phrase into the microphone of a device. The biometric engine then scans the shape, movement and even texture of the user’s lips to determine their authenticity.

As of right now, the researchers have a patent for the solution and expect to deploy it soon for verifying financial transactions. It could also be used to verify ATM transactions and to grant access to private premises.

This development is fantastic news for the biometric identity verification industry, and one that we are excited about here at VoiceVault. Once the technology is cleared for commercial use, it will offer businesses yet another option for secure and convenient mobile authentication.

Security-minded administrators should feel good about using this type of facial recognition software, too. As Forrester pointed out in its Biometric Authentication Q1 2017 report, facial recognition software has significantly improved thanks to recent advancements in standards and algorithm development. The technology is becoming more secure, and more reliable than it was in the past.

It’s important to realize, though, that lip motion passwords will not be any better or worse than other leading biometric technologies like iris and fingerprint scanners, or voice biometrics. Rather, it will be just another option to consider. Administrators should think about the positives and drawbacks for each technology. And best practices call for deploying multiple biometric solutions for greater convenience and increased security.

At the end of the day, though, your business needs to be using at least one of these technologies to protect its mobile accounts. Many companies are still way behind in their information security efforts, despite the fact that powerful security solutions are readily available in plug-and-play format. In fact, according to a recent study only one in five companies now fully consider information security in their strategy and planning.

VoiceVault’s voice biometric authentication solution, ViGo, is cloud-based and can be easily embedded into any application or contact center service.

Free demos are also available if you are new to the technology. You can find out more information by clicking here.

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store

Major Australian Bank Adopts Voice Biometric Identity Verification

Major Australian Bank Adopts Voice Biometric Identity Verification

Interest in mobile banking may be strong among consumers today, but user adoption continues to lag behind. According to one study, a third of consumers in the U.S. and U.K. claim they avoid mobile banking applications. About one third say will never use them. And almost three quarters of people in who agree blame security.

In light of this, many banks are reassessing their mobile security strategies as they attempt to make them more attractive for customers. We are seeing an increasing number of banks offering multifactor security options that integrate traditional password and answer-based authentication technologies with cutting-edge biometrics like voice, fingerprint and iris scanners.

Just recently, for instance, Australia’s ANZ bank announced it will begin offering customers voice biometric security to protect high-value mobile transactions of $1,000 or more. Previously, customers had to make these transactions in person.

“A person’s voice has five to ten times as many security points than other methods such as fingerprints so we know this will improve security and be welcomed by our customers,” stated ANZ Managing Director Customer Experience and Digital Channels Peter Dalton.

Dalton is referring to the fact that voice biometric engines can register points like the average pitch, speed and tone of a user’s voice. All of them must match in order to approve authentication, which makes it one of the most complex secure options out of all the biometric solutions on the market.

For years, VoiceVault’s mobile voice biometrics solution, ViGo, has been protecting high value mobile transfers for a major global bank as well as in many other financial institutions. VoiceVault has protected billions of dollars in transfers.

To learn more about how VoiceVault can protect your organization, click here.

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store

Use Voice Biometrics To Enhance Smart Home Devices

Use Voice Biometrics To Enhance Smart Home Devices

What does it take to stand out in the saturated consumer IoT market?  It’s no longer good enough to just offer connected smart home devices. You need to go above and beyond in order to differentiate your solutions and win over customers. Otherwise, you’ll risk falling behind the competition – especially as the market continues to grow!

So, where should you focus your attention? There are two areas you should consider improving:

Ease of use: How do consumers interact with your products? Do they have to manually toggle through a built-in interface on a device? Or do they have to use a mobile interface? Both could prove to be burdensome. Think of a customer resting in his or her chair, and wanting to adjust the heat or lighting. The customer should be able to do so without getting up or picking up a phone.

Accessibility: Should everyone have unrestricted access to your products? Customers may not want children or elderly relatives using connected appliances or accessing certain areas of the house. And they should have the ability to protect them.

You can improve ease of use and accessibility by embedding voice biometric identity verification directly into the framework of your connected products. And VoiceVault can help.

VoiceVault offers embedded voice biometric authentication for smart home devices. You can use VoiceVault’s API for the following types of IoT systems:

  • Home entertainment
  • Utility management
  • Kitchen appliances
  • Security systems

To learn more information about how VoiceVault can enhance your products, click here.

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store

No Need to Be Exclusive About Mobile Identity Verification

No Need to Be Exclusive About Mobile Identity Verification

Imagine a large house, with multiple entrances. A well-balanced structure will have a combination of storm doors, sliding glass doors and wood fixtures all offering strong security as well as convenient access into the home. It’s rare to find a house with just one type of door.

In a mobile application, security checkpoints act like doorways into the software for customers. And just like architects have many different types of doors to choose from, developers have multiple biometric—or biological—options to layer on top of an application for mobile identity verification.

These can include:

Of course, these solutions all offer varying levels of convenience and security. Generally speaking, it’s difficult to say that any one is better or worse than another. For example, voice biometric identity verification is widely regarded as the most secure option of all of these; however, there are some environments where voice biometric authentication can actually be inconvenient for users — like in a noisy environment where it can be difficult for a microphone to pick up a clear voiceprint. In this case, a customer would be more apt to use a fingerprint or iris scanner to log into an account.

So as a developer, it’s best to take a multimodal approach to mobile identity verification. Offer your customers or coworkers a variety of options for logging in securely, and they will be more apt to actually turn them on and use them instead of bypassing them out of convenience. There is no need to be exclusive when it comes to biometric authentication.

To learn more about how voice biometric identity verification can fit into your multimodal authentication strategy, click here.

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store

this factor can make or break your wearable technology

This Factor Can Make or Break Your Wearable Technology Solution

Why do consumers love wearable technology?

The answer is simple: Wearables provide easy access to important communications, health and entertainment applications. They empower users to leave their cumbersome mobile devices at home, and engage freely in physical or work-related activities without losing connectivity.

So when you’re developing wearable products or applications, it’s important not to lose sight of the convenience factor. Any component you add to a device should work to make it easier and more convenient to operate. Consumers have little patience for wearable technology that is difficult to access.

This is especially true when it comes to the login process. Login should take a user just a few seconds, and shouldn’t force the user to stop what they are doing.

Imagine, for instance, someone jogging on a treadmill who wants to check email on a smart watch. A password, fingerprint sensor or iris scan would require the user to stop running and devote their full attention to logging in. This defeats the purpose of using a smart watch in the first place!

With voice biometric identity verification, however, the process is quite easy. A user simply has to speak into the microphone, and the voice biometric engine will grant access. No usernames or passwords are required — making voice authentication one of the most convenient and secure authentication solutions on the market.

VoiceVault’s ViGo Wear is a product that is specifically designed for use in wearable devices and applications. Developers can easily embed ViGo Wear into just about any device, including Google Glass.

To learn more about ViGo Wear, click here.

Register for a FREE Developer Trial Now

Experience Voice Biometrics with the ViGo Demo App
ViGo-on-Google-PlayViGo-on-the-App-Store