Trend Micro released a new report warning that exposed biometric data creates a severe authentication risk across a wide range of digital scenarios, including the metaverse.
“The use of biometrics is championed by some as a more secure, easier to use alternative for passwords. However, unlike passwords, our features can’t be easily changed. So a compromise could have a long-lasting impact on users. Hijacking a user’s metaverse profile in the future could be similar to gaining complete access to their PC today.” said William Malik, vice president of infrastructure strategies of Trend Micro.
Trend Micro describes the metaverse as: “a cloud distributed, multi-vendor, immersive-interactive operating environment that users can access through different categories of interconnected devices.”
As such, those able to impersonate individuals inside this new iteration of the web could gain access to everything from online banking accounts and cryptocurrency stores to highly sensitive corporate data.
As outlined in the report, threat actors in the future may be able to use stolen or leaked biometric data to trick connected devices, such as VR/AR headsets, into logging them in as someone else. That could open the door to data theft, fraud, extortion, etc.
Metaverse user profiles may also be an attractive target as a valuable source of additional biometric data, such as detailed 3D user models that mimics a person’s real-life bio features.
In this new computing environment, two of the three factors typically used to authenticate will be registered with the software maintaining the metaverse, for example. Trend Micro’s report intends to generate more dialog in the IT and security community about how to avoid such potential risks. It warns that vast volumes of biometrics details, including face, voice, iris, palm, and fingerprint patterns, are already being disclosed online in high enough quality to trick authentication systems.
It can be found in images and audio content posted on social media and messaging platforms, news media sites, and government portals that people use daily.
As well as helping threat actors bypass authentication checks, judicious use of leaked or stolen biometric data could also help to create deepfake models en masse, the report warns.
Read the full report. https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/leaked-today-exploited-for-life-how-social-media-biometric-patterns-affect-your-future