BYOD and Mobile Device Security

The issue of “end node security” is a difficult challenge for enterprise CIOs forced to deal with today’s BYOD trend (Bring Your Own Device). A new wrinkle to this challenge is the increasing adoption of mobile biometrics, a-la-Apple iPhone 5S and other biometric-enabled handsets coming to the market. NexID’s Liveness Detection technology expects to play a significant role in BYOD security.

On one hand the inclusion of biometric authentication can A) encourage users who currently do not utilize any security measures for their device to invoke the device’s locking feature using biometric authentication, B) add additional security for users currently using pins/passwords by using the biometric sensor as a second authentication factor, and C) facilitating personal versus professional security in a BYOD environment.

On the other hand, users choosing to rely solely on the biometric sensor for securing their devices need to be aware of its limitations, especially with regard to biometric spoofing. For fingerprint sensors, this vulnerability was sensationalized by the spoofing of the iPhone 5S within days of its release  (http://www.theguardian.com/technology/2013/sep/22/apple-iphone-fingerprint-scanner-hacked). While industry experts will debate the risk level of a spoof-related attack on a mobile device, suffice it to say that it’s readily feasible should a knowledgeable perpetrator target a mobile device linked to high value resources.

I’m betting that the convenience of biometric authentication will drive its adoption by end-users, but it will take more robust and secure implementations of this feature to put CIOs at ease and encourage greater proliferation of mobile applications that involve higher levels of information or transaction risk (e.g., accessing enterprise resources or online purchases, respectively). Some of these measures are already underway, such as trusted ID platforms (think the 5S’ Secure Enclave and Samsung’s KNOX Container), which protect biometric information once it’s captured by the sensor.

For fingerprint authentication, to insure the captured image is the end-user’s live finger (and not a fake finger spoof), these mobile biometric sensors can implement liveness detection (a.k.a. spoof mitigation) functionality. Among traditional fingerprint scanners, NexID’s software-based liveness detection technology is proven highly effective at detecting spoofs, achieving 96-98% accuracy. We aim to bring that functionality and level of performance to the mobile device market with our forthcoming Mobile LD solution. Look for more news on this forthcoming product later in Q1.