This Ring Uses a Fake Fingerprint to Protect Your Biometric Data

The ring concept from Kaspersky Lab is designed to address a key vulnerability with biometric authentication — your face and fingerprints can’t be reset like a password if copies of them are stolen. So why not use a dummy fingerprint instead?

By Michael Kan

Consumers increasingly rely on fingerprint and facial scans to unlock their electronic devices, but what happens if their biometric data ends up in the wrong hands?

Antivirus firm Kaspersky Lab has come up with a potential safeguard: a ring that generates a synthetic fingerprint to unlock devices.

The ring is designed to address a key vulnerability with biometric authentication-your face and fingerprints can’t be reset like a password if copies of them are stolen. That might sound farfetched, but earlier this year, a South Korean company was found to be hosting customers’ fingerprint and facial-recognition data in an open online database.

The good news is that electronic devices such as smartphones generally store fingerprint or facial data on the hardware itself, not in an online server. But what happens if malware ends up on the electronic device itself? According to Kaspersky, the company has detected spyware potentially capable of stealing biometric data from computers, although the threat is relatively rare.

To address the potential risk, Kaspersky Lab wondered if it was possible to create a dummy fingerprint to supplant real ones.The company teamed up with Swedish designer Benjamin Waye to create a ring that basically houses a 3D-printed rubber stone made out of “thousands of conductive fibers” that contain a synthetic fingerprint.

“That ring can be used to authenticate the user with biometric systems, such as a phone or a smart home door lock. And if the data of the ring fingerprint leaks, the user can block this particular ring and replace it with a new one-and their own unique biometric data won’t be compromised,” Kaspersky says.

Each ring also comes with a unique fingerprint sourced to a software tool. However, the artificial fingerprints are never stored to prevent leaks.

That said, the ring solution still isn’t perfect. If you lose it, or forget to wear it, you’ll need an alternative way to unlock your electronic devices, like typing in a PIN code. At worst, you’ll get locked out entirely.

For now, the ring is only a concept device meant to bring awareness to the security risks of using biometric authentication. According to Kaspersky, a more ideal solution is to build protections inside electronic devices to prevent fingerprint or facial data from ever leaking. For now, companies including Apple, Google, and Qualcomm will store a customer’s biometric data on the smartphone through a dedicated chip inside the device that’s been isolated from the rest of the system.

Originally published at https://www.pcmag.com on December 4, 2019.