What is the Microsoft data leak and how can I protect myself?
Over the past couple of weeks, you may have seen a story about a data breach affecting Microsoft in the news.
The leaked data was stored in Microsoft’s Power Apps portal service, a development platform where users can create web or mobile apps to use externally. The breach affected 47 organisations in total, including American Airlines, Ford and the New York City Municipal Transportation Authority.
In an official statement, Microsoft said “we take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs.”
While none of the data has been compromised, it did include:
- Full names
- Email addresses
- Phone numbers
- Job titles
- Union membership
- Covid-19 vaccination status
In May, investigations by security company UpGuard found that users’ data was made publicly accessible when enabling the platform’s application programming interface (API). This was because users had to manually enable privacy settings, leaving some apps misconfigured. Microsoft said the flaw was “by design” and closed the investigation a month later.
So what does this mean for Power App users, and how can they protect their data online?
How can I protect my personal data online?
Microsoft has since made sure the portal keeps data private by default. However, there are a couple of extra steps you can take to keep your data secure:
- Keep personal data to a minimum, and consider how much data you are storing on the platform. Always ask yourself the question ‘Would you want someone to access this data?’ before sharing your personal information online.
- Consider who, and how many, users are accessing your data, particularly if it’s for school, college, or work.
- Set up multi-level security settings. There are four different layers of security, including app-level, form-level, and field-level. These can restrict access to the app, control how people enter or view data by their job role, and assign access to certain records. More information is available here.
Facebook data breach: What can you do to protect your social media information
Just three years after the massive Cambridge Analytica and Facebook data scandal, the company is back in the news for another significant data breach affecting over half a billion of its users. Read on to find out more about this leak, if you might be impacted and what you can do to protect yourself.
What data was compromised?
The exposed data includes the personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, and 11 million on users in the UK. In Europe, Italy is the most heavily affected EU country, with more than 35 million users from that country caught up in the leak and almost 20 million French users have also been impacted. The information available includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses. It did not include users’ passwords.
You can check whether your phone number or email address was exposed in the leak by checking the breach tracking site HaveIBeenPwned.
How has Facebook responded?
Facebook has responded to the breach claiming that the data leak only compromises old data from a vulnerability already uncovered and patched by the company in August 2019. In a statement the company said, “It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.”
Yet, while this breach concerns data that is a couple of years old, the leaked data could still prove valuable to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials. In addition, many people affected will not have changed their phone number or email address during these two years and so are still at risk of becoming victims of fraud due to this breach. As of April 2021, Facebook has not notified the users who have been affected by the breach and so every user of the platform should remain vigilant about phishing and smishing schemes attempting to use their data.
Has the company broken data protection laws?
Under some privacy regulations, including Europe’s GDPR, once a leak like this has been identified, the company involved needs to alert users who could have been affected. However, European regulators may be unable to do much about this leaked data, as it seems to have been stolen before GDPR came into force. Facebook was therefore not obligated at the time to notify users.
What’s more, now under GDPR any major data leaks or breaches must be notified to the relevant regulator within 72 hours. The fact that this leak has only started to be investigated now shows Facebook also chose not to follow this protocol. Had a breach of this size occurred in 2021, the company would be facing a huge fine for breaking these two key aspects of GDPR.
In the US, Facebook signed a deal two years ago that gave it immunity from Federal Trade Commission fines for breaches before June 2019, so if the data was stolen after that, it could face action there too.
What to do if your account was compromised
If you’re worried about your data, there are a variety of tools you can implement to increase the security of your account.
- The best way to keep yourself protected online is to use strong, unique passwords for every account. That way, even if your data for one site is compromised, the others stay secure.
- If you don’t think you can remember lots of varieties of passwords, use a password manager to store them for you.
- Enable two-factor authentication where possible. With this in place you will be notified each time someone tries to log in to your account and will need to confirm your identity with either your biometric data, or with a code sent to your mobile. We have also written a post on how to add two-factor authentication to your social media accounts if you need guidance, here.
Data breaches can feel overwhelming for users but with increased regulation like GDPR, LGPD, and California Consumer Privacy Act, in most cases you will now be informed if your data was involved so you can take the necessary steps to protect yourself immediately.
If you have any other queries or concerns on data breaches, please leave a comment below and we will get back to you.
Can I decide what data smartphone apps collect about me?
By now, we have all become aware of what type of data we’re willing to share with companies. Major data breaches from the last couple of years, such as the Equifax, Yahoo and Capital One Bank ones, have made us more conscious of the personal information we share online and with whom. The truth is that we automatically agree to share our personal details from the moment we download an app on our smartphone in order to use a particular service provided. Usually, downloading an app provides companies with more direct access to your information than a visit to their website will. In fact, having access to our data is key for many of those apps and services to operate. Huge technology companies like Google and Facebook exist, and are profitable, because they can successfully monetise the data we share with them.
Which apps collect more data?
Most apps collect information such as an email address, name, age, gender, live location, home address, bank account and interests, to name just a few. But there are apps that collect more personal information than others. Simply said, apps that collect the most data about you are the ones where you are the focus. These could be social network sites like Facebook and Instagram, dating apps like Tinder and Grindr, and even streaming services like Spotify and Netflix.
In most cases, the personal information that these apps collect about you is used to provide a more personalised experience when using these services. For example, when you open the Netflix app, it shows you content that the app thinks will be of interest to you based on information such as age, interests and geolocation, as well as what you have watched previously.
Is there anything I can do to prevent an app from collecting my personal data?
Unfortunately, most apps won’t provide you with the ‘full experience’ unless you agree to share this data with them. However, this is not to say that you don’t have that option. You need to remember that you are in control of your data and only you can decide what information to give away and who to share it with.
One way to keep most of your personal information to yourself is to leave as many fields blank as possible when registering a profile on an app. Often, the mandatory fields are those for your name, email address, password and your bank details (if you’re registering for a paid-for service). This means that you have the option to not fill in information such as your gender, interests, phone number, etc.
Experts say that it’s sometimes better to pay for an app than download a free one of the same kind. The reason is that free apps are only free because, in exchange, consumers give out personal data, which is often a lot more valuable than a small monthly fee, as this data allows advertisers to target them with personalised ads.
In most cases, when downloading an app, you’ll see a Terms & Conditions list pop up that explains how your data is used. It is also often at this stage that you can grant access to information and things like your phone’s camera and photos, location data or contacts list. If you have an Android smartphone, the list of permissions pops up each time a new app is downloaded. iPhone apps, on the other hand, request the same permissions, but only after the apps are installed and running.
It is also worth checking your smartphone’s settings to make sure that apps aren’t collecting data they don’t need.
Here’s how to do it on an Android device:
- Open the Settings app.
- Tap Apps & notifications, followed by Advanced App permissions.
- Select a permission, like Calendar, Location, or Phone.
- Choose which apps should have access to that permission and remove the permissions for the apps you don’t want to have access.
Here’s how to do it on an iOS device:
- Open the Settings app.
- Scroll down and tap the Privacy icon.
- Select a permission, like Calendar, Location Services, or Camera.
- Choose which apps should have access to that permission and remove the permissions for the apps you don’t want to have access.
On Data Privacy Day 2021, Apple shared a report which illustrates how companies track user data across websites and apps. The company also highlighted how privacy features across Apple products provide users with more transparency and control. The company has said that it will soon introduce an App Tracking Transparency tool which will require apps to get the user’s permission before tracking their data across third party apps and websites.
The changes have caused concern among some users that more information would be shared with WhatsApp’s parent company, Facebook. WhatsApp have denied this, saying that the policy is focused on its new business updates, which allow companies to host their shops on Facebook and speak to customers through the messaging service.
Due to what WhatsApp have called “misinformation” around the update, they have decided to postpone the policy for three months.
Here we dig into what the policy means and why a number of people have been concerned about its changes.
What’s up with WhatsApp’s new policy?
According to the company, they currently support more than 175m people who manage a business daily. The updates are designed to improve customer service communications, help customers discover relevant businesses and streamline the overall shopping experience. These changes will see more synergy between WhatsApp and Facebook.
This increased sharing of information is the key concern for sceptics. They have said that the new policy didn’t seem to offer any way to opt-out of the data-sharing policy, which left many wondering about the privacy of chats, calls and media shared over the platform. As a result, many former WhatsApp users have started to turn away from the platform and towards other alternatives – such as Signal and Telegram.
This includes outspoken technologist Elon Musk, who on January 7 2021, tweeted “Use Signal” to his millions of followers. Tracking firm Apptopia noted that the Signal app was downloaded 1.3 million times on Monday January 11, marking a significant uptick following Musk’s tweet. As of 24 January, WhatsApp has lost “millions of users” following the terms update.
WhatsApp have explicitly stated that the policy will not change the privacy and security of personal messages and calls on the platform. They reinforced this by saying “They are protected by end-to-end encryption, and WhatsApp and Facebook cannot read or listen to them.”
The company has now delayed the implementation of its new policy to 15 May as it attempts to explain the changes more fully to users.
How to add two-factor authentication to your social media accounts
With the number of personal account hacks on the rise, many internet services now offer users the ability to implement two-factor authentication, or 2FA as it is sometimes known. With two-factor authentication, even if the hacker has your password, they will need your phone or security key to get into your account.
Authentication factors are categories of credentials used to verify that someone or something is who or what they are claiming to be. There are three categories: 1) Knowledge factors – these are credentials that the user knows, typically a username and password. 2) Possession factors – these are things that the user has, typically a mobile phone. 3) Inherence factors – these are things that the user is, typically a biometric characteristic such as a fingerprint or an iris pattern. Strong authentication means the system is using two or more of these options.
In May 2019, Google announced a one-year study it did in partnership with New York University and the University of California, San Diego. The trio found that SMS two factor authentication blocked 96 percent of bulk phishing attacks, and 76 percent of targeted attacks trying to crack into your Google account.
If you would like to add two-factor authentication to your social media accounts, we recommend downloading an authenticator app on your smartphone, such as Google Authenticator or Duo Mobile. Sending your smartphone a text message for your two-factor authentication is still more secure than simply using a stand-alone password. However, if the hacker has got your physical device they could still get into your accounts.
Here’s how you can set up two-factor authentication on social media platforms with these apps (available for free on both iOS and Android smartphones).
To turn on or manage two-factor authentication on Facebook:
- Go to your Security and Login Settings.
- Scroll down to ‘Use two-factor authentication’ and click ‘Edit’.
- Choose the security method you want to add and follow the on-screen instructions.
If you’re using an authenticator app the method you’ll want to choose is ‘Login codes from a third party authentication app.’
From then on whenever you sign into Facebook it will request a six-digit code that can be found when you open the authenticator app.
To set up two-factor authentication on Snapchat follow these steps:
- Tap ⚙️ in My Profile to open ‘Settings’
- Tap ‘Two-Factor Authentication’
- Tap ‘Continue’ to finish setting it up!
Then, select that you are using an authenticator app. As with Facebook, after two-factor authentication has been set up, your authenticator app will generate a single-use code that only works for a short amount of time, each time you log in to Snapchat.
The process on Instagram is slightly more complicated. To set up two-factor authentication:
- Tap or your profile picture in the bottom right to go to your profile.
- Tap in the top right, then tap ‘Settings’.
- Tap ‘Security’ and then scroll down and tap ‘Two-Factor Authentication’.
- Tap next to ‘Authentication App’, then tap ‘Set Up Manually’. If you don’t see the toggle switch, tap ‘Get Started’.
- Tap ‘Copy Key’ below the Instagram key and paste it into your authentication app
- Please note: It is important to copy the key code to your clipboard, take a screenshot, or save it in some other way since you won’t be able to access the code again once you’ve finished setting up.
- After your Instagram account is linked to your authentication app, copy the 6-digit code your authentication app creates.
- Go back to the Instagram app, tap ‘Next’ and paste the 6-digit code to complete the process on that device.
To add your two-factor authentication on Twitter:
- In the top menu, tap your ‘profile’ icon, then tap ‘Settings and privacy’.
- Tap ‘Account’, then tap ‘Security’.
- Tap ‘Two-factor authentication’.
- Then select: ‘Authentication app.’
It is also worth mentioning that this technology does not require an internet connection or phone service to use, meaning you can log in with two-factor authentication at any time. This is because the time counter used in the app that provides you with an up-to-date code is synced with the current time on your phone. The client and server therefore remain in sync as long as their system times remain the same.
However, there are a few things to be aware of when using authentication apps. The app will need to be up to date with the latest software version, and if you change phone you will need to log in to the service provider on your web browser and click ‘Change Phone’ to update your details, as well as scanning a barcode in the app on your new phone. This is because it is the phone itself that is linked directly to the authentication process, and only one device can be linked at one time.
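The time-counter behaviour described above can be seen in a short Python sketch of the time-based one-time password scheme (RFC 6238) that authenticator apps such as Google Authenticator implement. This is an added example, not code from the original post or from any of the platforms mentioned; the key and timestamps are the public RFC test values, and the `window` and `last_counter` parameters are illustrative assumptions about how a service might tolerate clock drift and refuse reused codes.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time-counter step (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps

# Constructed sample: the public RFC 4226 / RFC 6238 test key, never a real secret.
TEST_KEY = b"12345678901234567890"


def decode_setup_key(text: str) -> bytes:
    """Decode the base32 setup key an app gives you ('Copy Key'), ignoring case and spaces."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble picks a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: float, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the Unix epoch.

    Only the shared key and the local clock are needed, which is why the phone
    can produce a valid code with no internet connection or phone service.
    """
    return hotp(key, int(unix_time) // STEP, digits)


def verify(key: bytes, submitted: str, server_time: float,
           window: int = 1, last_counter: int = -1):
    """Server-side check; returns the counter that matched, or None.

    window       -- steps of clock drift tolerated either side of the server clock
    last_counter -- highest counter already accepted; codes at or below it are
                    refused so an observed code cannot be replayed
    """
    now = int(server_time) // STEP
    first = max(now - window, last_counter + 1, 0)
    for counter in range(first, now + window + 1):
        expected = hotp(key, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None


def clock_skew_demo() -> dict:
    """Show how phone/server clock disagreement decides whether a code is accepted."""
    server_time = 150                              # constructed: server is in step 5
    return {
        "in_sync": verify(TEST_KEY, totp(TEST_KEY, 150), server_time),
        "phone_20s_slow": verify(TEST_KEY, totp(TEST_KEY, 130), server_time),
        "phone_90s_slow": verify(TEST_KEY, totp(TEST_KEY, 60), server_time),
        "replayed_code": verify(TEST_KEY, totp(TEST_KEY, 150), server_time,
                                last_counter=5),
    }


if __name__ == "__main__":
    for case, result in clock_skew_demo().items():
        print(f"{case:15s} -> {'accepted, step ' + str(result) if result is not None else 'rejected'}")
```

A phone whose clock has drifted by more than the tolerated window produces codes the service rejects even though the key is correct, so correcting the phone's time setting is the first thing to check when codes stop working.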
How Artificial Intelligence technology is used by traffic apps
Long gone are the days where we had to use physical maps to navigate between destinations. Nowadays, everything can be done with the touch of a button on your smartphone. And, although it may seem like magic, your maps and traffic applications can now predict what the best route to take is, where trouble spots are building up, alternate routes and your estimated time of arrival. How is this possible? It’s all thanks to Artificial Intelligence and this blog looks at the role AI and Machine Learning play in perfecting your route.
What is Artificial Intelligence and Machine Learning?
Artificial intelligence makes it possible for machines to learn from ‘experience’, adjust to new inputs and perform tasks. Machine Learning, meanwhile, is the software and algorithms that make machines smart, or the science of getting computers to act without being explicitly programmed.
For predicting routes and traffic, algorithms are used to decide how fast your journey will be on the routes it suggests. This is based on factors like paved roads, motorways, and time of day – all historical data that will be taken into account when you type in your destination. But while this information helps you find current traffic estimates —whether or not a traffic jam will affect your drive right now—it doesn’t account for what traffic will look like 10, 20, or even 50 minutes into your journey.
This is where artificial intelligence helps. By looking at live traffic conditions AI can help your Maps application adjust in real time and predict whether traffic will likely become heavier in one direction as a result – if so, the app will automatically find you a lower-traffic alternative.
What data is used?
To predict your arrival time and the best route you should take, a wealth of data needs to be analysed from various sources and fed into machine learning models to predict traffic flows. The sort of data that is used includes live traffic information collected anonymously from smartphones, historical traffic data, information like speed limits and construction sites from local governments, and also factors like the quality, size, and direction of any given road. What’s more, with apps like Waze, users can also contribute real-time data to the Waze Community, for example pointing out where the police are checking driving speeds and if a traffic accident has occurred.
However, it is worth noting that taking part in this data collection is entirely optional. Only those who are willing to share their information with the app will be contributing. If you’d prefer, you can disable the Location Services on your phone and none of your data will be accumulated.
To predict what traffic would look like in the near future, Google Maps and other similar applications analyse historical traffic patterns for roads over time, using data from past trips down this route. For example, one pattern may show that the 280 freeway in Northern California typically has vehicles traveling at a speed of 65mph between 6-7am, but only at 15-20mph in the late afternoon. The company then combines this database of historical traffic patterns with real time traffic conditions, using machine learning to generate predictions based on both sets of data. Using AI, the company says they can accurately predict your estimated time of arrival for over 97% of trips. What’s more, the more you use your preferred app the better it gets to know you. By learning your frequently used routes and destinations, as well as the hours when you commute, your fastest route can be further optimised.
With many people working from home and going out less often because of the coronavirus, companies have also updated their AI model to prioritise traffic patterns from the last two-to-four weeks and deprioritise patterns from any time before that. As a result, Maps will already know that a route that might have taken 30 minutes in rush hour, now may only take 20 minutes, and will be able to update the estimated time of arrival accordingly as more people start driving again.
Predicting traffic and determining routes is incredibly complex. However, as more data is added to the set used to make predictions, the accuracy rate is only likely to improve. You can read a detailed blog from Google on the subject here.
Can I use a VPN on my mobile device and how do I pick a safe one?
Now that many of us are working from home, it is more important than ever to implement extra security measures when using the internet. What’s more, over the past few months there has been an increase in cybersecurity attacks, so it’s essential to ensure that your data doesn’t end up in the wrong hands.
There’s a way to use a secure private network that keeps your computer’s IP address and your physical location private. You can do that by using a VPN, or virtual private network, that creates a private path for your computer and mobile devices to use when accessing the internet. It’s a great way to keep your browsing private and attack-proof. A good VPN also encrypts your internet traffic, preventing others from intercepting your connection. A VPN can connect to servers anywhere in the world, meaning you can use it to access websites as if you’re in a different country, allowing you to access different content as a result. For example, Netflix has a different library in the US compared to the UK, so if you’d like to access some of the US content you can use a VPN.
When you use a VPN, your data such as emails, instant messages, login information, which sites/ apps you use, downloads, you name it, is safely encrypted when it travels wherever it needs to go. This way, the only visible information to websites, advertisers and potentially hackers is the VPN’s IP address and not yours. Additionally, your internet service provider only sees you visiting the VPN and not the websites.
Here are four scenarios when we recommend using a VPN:
- When using a public Wi-Fi
- When you’re using someone else’s network
- When you’re working from home and need to use apps without end-to-end encryption (such as Facebook Rooms and Houseparty)
- When you want more privacy when visiting websites.
Can I use a VPN on a mobile device?
We now use our smartphones for pretty much anything, so setting up a VPN on your mobile device is not a bad idea. You can install VPN apps on both Android and iOS devices. Here’s how to do it:
- Setting up a VPN in iOS: First you need to download a VPN app from the Apple App Store. Once downloaded, it should automatically configure settings for you, but in case it doesn’t here’s how to do it manually:
  - Head into your Settings app and tap General
  - Scroll down to select VPN (your iPhone should tell you whether or not you’re currently connected)
  - Tap on Add VPN Configuration and then on Type to select a security protocol – you’ll know these by following the instructions provided by your app
  - Return to the Add Configuration screen to add the VPN’s description, server, remote ID and local ID
  - Enter your username and password (you can also use a proxy)
  - Then tap Done and you’ll be brought back to the VPN screen. Finally, toggle the status switch to ‘on’.
- Setting up a VPN in Android: Like in iOS, you’ll need to download your chosen VPN app from the Google Play Store. If you prefer not to let an app automatically configure things for you, here’s how to set it up manually:
  - Head into Settings > Network & Internet > Advanced > VPN (you should see a little key icon). If you don’t see Network & Internet in the Settings menu (which may happen depending on your Android overlay), then do a search within Settings for VPN. Press the Add button.
  - If you haven’t set a screen lock or password yet, Google will prompt you to do so before continuing with the VPN app configuration.
  - Then you can create your VPN profile by adding the VPN name, type and Server address and clicking on Save.
  - You’ll be taken back to the VPN screen, where you should now see the name of your VPN. Tap on it to put in your name and password. You can also choose to save your account information and you can make the VPN always on. Click on Connect.
  - Enter the VPN name, type, server address, username and password and press Save. Your VPN is all set.
Once you have got your VPN up and running you might notice that web browsing is not as fast as it used to be, particularly if you’ve configured traffic to go to another country. Stronger encryption, or more users connected to one VPN, can also slow down your internet speed. Despite that, a VPN is worth considering because it protects you from:
- Internet service providers tracking you and selling the data they collect on your internet activity
- Website advertisers spying on you
- Hackers on public Wi-Fi
- Apps and companies spying on your connections
- Anyone who wants to identify your IP address or location
- Companies and apps that want your connection data or malicious actors trying to intercept your connection
How to pick a safe VPN
It’s critical to select a safe, reliable and secure VPN for your mobile phone, tablet or laptop/ PC. However, there are plenty of unreliable VPN apps and providers out there that only want to cash in on people’s privacy fears. So how do you make sure that you’ve chosen a good VPN? Here are a few things to look out for:
- To help you select a safe and secure VPN, check out a VPN evaluation resource such as Restore Privacy who keep a current list of the best VPNs
- There are plenty of free VPNs out there, but we recommend that you avoid these – being free is a huge red flag
- Look for a VPN with a good reputation. Use Google to see if any issues come up in searches. Look for a VPN that doesn’t have known data leaks, has a good performance, features quality apps for all your devices, that supports the OpenVPN protocol and encryption standards, and ideally has a money-back guarantee.
Did you find this post useful? Are you considering getting a VPN for extra security? Let us know in the comments below!
What is a Digital Legal Identity and why is it important?
A legal identity officially identifies an individual using factors such as first name, family name, date of birth, nationality and more. As an authentic declaration of one’s existence within society, legal identity is a right.
Having one is key to participation in society – from accessing social services like healthcare or education, to making transactions, opening a bank account or starting a business. But according to the United Nations, over 1.1 billion people around the world still have no form of legal identity. Without one, they can’t take part in society and are left to be treated like ghosts. The problem is such that the UN has recognised legal identity in its Sustainable Development Goals, with the aim of “guaranteeing everyone a legal identity, thanks notably to birth registration, by 2030”.
Lack of legal identity in many developing countries is a result of a lack of capable birth registration systems. The problem is then exacerbated by the cost of providing an identity to all citizens, difficulty in reaching them, and the deterioration of paper archives. But there is an answer: digital legal identity.
The benefits of a digital approach
Shifting legal identity to a digital ecosystem presents many immediate benefits. Firstly, it can simply, securely and more quickly assign everyone a digital legal identity. From there, it enables development of services where each individual can access their rights that are attached to their identity. It also hugely simplifies information sharing and transmission, benefitting citizens but also businesses who deal with them.
But there are certain standards digital legal identity has to meet to be usable within any given country. These are:
- Universality and accessibility: Digital identity must be accessible to all, completely without discrimination, and via technologies that are adapted to their environment and citizens’ access to technology (e.g. with or without internet, on paper or mobile device).
- Robustness, scalability and durability: Digital identity must be secure and efficient, but it must also be affordable and sustainable. It must rely on open standards and guarantee interoperability with different existing technologies.
- Security and confidentiality: Digital identity must maintain confidentiality concerning the data collected, and must be part of a legal framework of trust. Participating governments must be able to provide identity verification services to the private sector without compromising security or confidentiality.
These are the foundation of a successful digital legal identity framework. Applied correctly, it can bring huge benefits to citizens, their governments and the private sectors that serve them.
Where might I encounter ‘biometrics’ in everyday life?
Biometric technology is increasingly becoming part of the fabric of our everyday lives. Yet many of us would be hard pushed to point out when we last used the technology. This is due to the fact that there are so many use cases for biometrics found in various day-to-day scenarios that we barely even register when we’re using this relatively new form of identification.
So, what is biometrics? Well, in a nutshell, biometrics is a convenient and secure way of identifying ourselves purely by using the biological markers that are unique to us, such as fingerprints, faces and voices.
As a species, we have always identified each other using physical characteristics. Biometric technology harnesses that distinctly human instinct for the purposes of security, privacy and identification.
So where are biometrics used?
Many of us who have travelled by air in the last few years will be familiar with the idea of using our faces to verify ourselves when going through e-Passport Gates at airports. Automating elements of the passenger journey through the airport and reducing the number of human touchpoints at security, for example, has actually slashed processing times by 80%.
We’re all familiar with the idea of using fingerprints and our faces to unlock our smartphones – thanks to the ubiquity of the likes of Apple’s Face ID technology – but did you know that this tech is all part of the biometrics family? Typically used in combination with more traditional security options – like PINs or passwords – biometrics add a much-needed extra level of security to our mobiles.
Banking apps increasingly rely upon some form of biometric ID for users to access them. In most cases, the biometric identification used to log on to the app is stored on the device itself, meaning that users don’t need to worry about hackers getting access to a centralised pot of user data.
Furthermore, biometrics can now be found embedded in your debit or credit banking card, allowing you to quickly and securely make contactless payments that are above the standard limit. Users are able to authorise contactless transactions by simply placing a finger on the card at the Point-of-Sale.
Various countries have started turning to biometrics to streamline the process of citizen enrolment for the likes of voting. This has been key in the fight against voter fraud, for example, as unique biometric identifiers have helped significantly reduce the scope for it.
What’s next for biometrics?
As well as the numerous areas where biometric technology is already taking root, there are a variety of other sectors where its benefits could be felt. The rise of silent authentication, for example, will mean that people can be identified and verified with total security based on passive behavioural biometrics, such as the way you use your phone, without having to consciously enter any details or follow prompts. In the future, this could mean unlocking your smart car simply by being near it or shopping online without having to enter any security details.
As always, we’ll keep our ears to the ground and bring you the latest in biometric technology as it emerges.
How does skin-detection identification software work?
By now, you may be aware that biometrics is one of the fastest-growing segments of the security industry and is primarily used to grant access to services. Some of the familiar techniques for identification are facial recognition, fingerprint detection, handwriting verification, hand geometry, and retinal and iris scanning. Of these, face and fingerprint recognition are the ones that have developed most rapidly. This is due to their widespread use to unlock our smartphones, as these methods are user-friendly and much more secure than a password alone.
Yet, despite the progress made with this technology, there have been cases where it has been fooled by 3D printed masks. This was particularly alarming as it proved that some facial recognition systems can authenticate a user even when the face presented does not belong to a live person.
As such, facial recognition cameras have come to rely on ‘liveness detection’ in order to grant access to a service. Here, algorithms analyse the images or videos and decide whether they come from a live person or a fake. Methods used are motion and/or texture analysis of the face, as well as artificial intelligence so the system can continue to adapt to changes in your expression, weight, hairstyle, and accessories, and recognise your face more quickly. For example, even if you wear a scarf or grow a beard, with AI, the system will learn to recognise you.
How does skin-detection work?
Using “Beam Profile Analysis” technology, three data streams are taken from a single camera system: a 2D image, a 3D depth map and, most distinctively, material classification.
Through this fundamentally new approach to security, it is now possible to combine standard facial recognition algorithms from any third party with the unique ability to sense “live skin.” The technology works by using infrared beams to map out the fine structures of the face, creating a 3D representation to verify the user. It then analyses how this infrared light is backscattered by different surfaces.
Put simply, the way skin reflects light is different from the way a silicone mask or a photograph would, for example. Importantly, the software works on all skin colours and genders, as the light scatters the same way despite physical differences between people. This is particularly relevant to companies developing facial recognition software, as in 2019 a study by the US government discovered that facial recognition systems misidentified people of colour more often than white people.
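How the three streams are combined matters as much as having them. The sketch below is an added example, not the vendor's code: it contrasts averaging the three scores with requiring each stream to pass on its own, and the score names, thresholds and sample captures are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative thresholds (assumptions, not values from any product).
MATCH_MIN = 0.80  # 2D image: similarity to the enrolled face
DEPTH_MIN = 0.70  # 3D depth map: confidence the shape is a real face
SKIN_MIN = 0.90   # material classification: confidence the surface is live skin
AVERAGE_MIN = 0.70  # single threshold used by the naive averaged policy


@dataclass
class Capture:
    match: Optional[float]
    depth: Optional[float]
    skin: Optional[float]  # None models a stream that failed to report


def averaged_accept(c: Capture) -> bool:
    """Naive fusion: strong streams can compensate for a failed one."""
    scores = [s or 0.0 for s in (c.match, c.depth, c.skin)]
    return sum(scores) / len(scores) >= AVERAGE_MIN


def gated_decision(c: Capture) -> tuple[bool, str]:
    """Every stream must pass on its own; a missing stream fails closed."""
    checks = (("2D match", c.match, MATCH_MIN),
              ("3D depth", c.depth, DEPTH_MIN),
              ("material", c.skin, SKIN_MIN))
    for name, score, minimum in checks:
        if score is None:
            return False, f"{name} stream missing"
        if score < minimum:
            return False, f"{name} below threshold"
    return True, "all streams passed"


# Constructed sample captures, one per presentation type discussed above.
SAMPLES = {
    "live user": Capture(0.91, 0.92, 0.97),
    "printed photo": Capture(0.93, 0.10, 0.20),
    "3D mask": Capture(0.95, 0.95, 0.25),
    "material sensor fault": Capture(0.96, 0.94, None),
}

if __name__ == "__main__":
    for label, capture in SAMPLES.items():
        print(label, averaged_accept(capture), gated_decision(capture))
```

With these constructed values the averaged policy accepts the 3D mask because its match and depth scores outweigh the failed material check, while the gated policy rejects it and also rejects a capture whose material stream is missing.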
Early camera prototypes use a small Raspberry Pi computer that works with the LG phone’s USB-C port, but the actual camera array should use only the phone’s internal processor, and rely on infrared dot projectors and camera sensors similar to those in existing face-scanning phones, though aligned in a way that will work with different algorithms. For example, Apple’s Face ID already projects 30,000 infrared dots onto your face to help create a 3D map of it when authenticating you. This means the technology will not be very expensive to implement.
By 2021, the company developing the skin-detection software hopes to have its facial recognition system in Android and Windows devices that run on Qualcomm’s Hexagon processor. Some devices that run on this processor include:
- Samsung Galaxy S11, Galaxy S11 Plus, and Galaxy S11e
- Google Pixel 5 and Pixel 5 XL
- Sony Xperia 2
- LG G9 and LG V60
The technology also has the potential to be used in many more cases than smartphone authentication. For instance, it could also help computer vision systems in autonomous vehicles or be used in factories or warehouses where robots need to search and collect particular items by material.
The reason facial recognition has become so popular amongst smartphone makers is the level of security and convenience it provides to their customers. Apple have said, for example, that the chance of a random person being able to unlock your phone with Face ID is 1 in 1,000,000. Touch ID, by comparison, was 1 in 50,000, so it’s a significant improvement. With skin-detection software included, this number will get even lower, meaning that hackers will find it much harder to gain access to your devices.
As most highly publicised breaches are attributed to weak or absent authentication (vulnerable passwords, unlocked laptops or wireless networks), these new verification methods will help protect against unauthorised access.
Let us know if you have any questions about skin-detection or biometrics in the comments below.