Unified Biometric System in Russia: 5 Facts About Biometrics You Should Know

Contents:

• Unified Biometric System: What is it and How does it Work?
• Using Fingerprints as a Replacement for Bank Cards
• Methods for Deceiving Facial Recognition Systems: How Hackers Overcome Defenses
• Effective Fight Against Deepfakes: Challenges and Initiatives

Unified biometric system: what is it and how does it work?

The Unified Biometric System (UBS) was introduced in Russia at the end of 2020 after The signing of a decree by President Vladimir Putin marked an important step toward the centralization of biometric data, which was previously stored in disparate registries, including police, immigration, and bank databases. The Unified Biometric System (UBS) ensures more efficient management and protection of citizens' biometric information, simplifying identification and authentication processes. Furthermore, the system enhances security and facilitates interactions between various government agencies and commercial organizations. The implementation of the UBS opens new opportunities to improve the quality of public services and increase public trust in government institutions. According to the new regulations, the Unified Biometric System (UBS) combines both existing and new biometric data on a single platform. This simplifies key financial transactions for Russian citizens, including obtaining loans, opening bank accounts, and remotely signing documents. Over the next two years, the government intends to increase the number of records in the Unified Biometric System (UBS) from 164,000 to 70 million, which will significantly improve citizens' access to banking services and enhance the security of financial transactions.

To take advantage of the Unified Biometric System (UBS), citizens must contact a bank to create an account. During the registration process, biometric data, such as nose shape and eye color, is collected. It should be noted that banks do not have direct access to the UBS; they only receive information about the entered data's compliance with established criteria, which are stored in the database. If the data match rate exceeds 99.99%, the bank can provide services remotely. This simplifies access to banking services and improves the security of customer identification.

Ivan Berov, Director of Digital Identity at Rostelecom, emphasized that the Unified Biometric System (UBS) is subject to strict security requirements. Biometric data is transmitted via secure communication channels and stored as mathematical models. This approach ensures that original photographs or voice recordings cannot be restored, guaranteeing the protection of users' personal information and maintaining privacy principles.

Data is stored in an anonymized form, meaning it is separated from personal information available on platforms such as Gosuslugi. This significantly reduces the risk of leaks and the possibility of data misuse. Anonymization of information ensures the protection of user privacy and increases the level of data storage security. Thus, the use of modern information processing methods contributes to the reliable protection of personal data.

Fedor Muzalevsky, a technology expert at RTM Group, notes that the main security threat is not leaks from the Unified Biometric System (UBS), but rather the actions of fraudsters. He argues that "a leak of a voice sample through the UBS is not the most significant threat. It is much more likely that fraudsters will be able to record your voice during a phone conversation." This situation highlights the need for increased vigilance among citizens regarding personal data protection and security.

Cases of fraudsters using fake voices to deceive victims have already been recorded. In the future, if voice commands are sufficient to confirm transactions, this could create serious security risks. However, many banks implement two-factor authentication, which requires not only a voice recording but also a facial image, significantly increasing security. It's important to be aware of potential threats and implement additional security measures to minimize risks in financial transactions.

Using Fingerprints as a Replacement for Bank Cards

Modern authentication technologies are rapidly developing, and fingerprints are becoming increasingly popular. The first attempts to implement fingerprint sensors in mobile devices began in 2004 with the Pantech GI100 phone. However, the widespread use of such technologies occurred in 2013 with the release of the iPhone 5S from Apple, which became a significant breakthrough in this field. Since then, the use of fingerprint-based biometric authentication has increased significantly, providing a high level of security and convenience for users. The technology continues to improve, offering new solutions for protecting personal information and simplifying access to mobile devices.

Today, fingerprints are actively used not only for data protection, but also for making purchases. In 2014, Sberbank implemented a project in educational institutions in Chuvashia that allows students to pay for meals using biometric scanning. The system, known as "Ladoshki," is successfully operating in several Russian schools, providing a high level of convenience and security for users. The use of biometric technologies in the educational environment opens new horizons for simplifying everyday processes and enhancing the security of financial transactions. The Azbuka Vkusa chain of stores offers its customers a convenient payment authentication option using fingerprints. After registering at the checkout and linking their bank card to biometric data, customers can simply place their finger on the terminal. This provides a fast and secure payment method, with the amount automatically debited from their account. This approach significantly simplifies the shopping process and enhances the security of financial transactions, making shopping at Azbuka Vkusa even more convenient and modern. It should be noted that the security of fingerprint authentication is seriously questionable. In 2014, hacker Jan Krissler, known by the pseudonym Starbug, demonstrated the vulnerability of this technology by forging the fingerprint of then-German Defense Minister Ursula von der Leyen. He used Verifinger software and photographs taken from various angles to demonstrate how easily the security system could be circumvented. This incident highlights the need for more reliable and secure authentication methods to prevent similar incidents in the future. Starbug demonstrated the vulnerability of Apple's Touch ID system on the iPhone 5S by bypassing its security by creating a fingerprint "mold" from the device's screen. To do this, he used latex, wood glue, and graphite, clearly demonstrating that even modern technology is not immune to hacking. This case highlights the importance of understanding the risks associated with biometric authentication and the need for additional protection of users' personal data.

Vyacheslav Gerasimenko, an information security expert at Rostelecom, notes that digital fingerprints are not stored in the traditional sense. Fingerprint scanners create a mathematical model of the fingerprint, which eliminates the possibility of its reproduction. This emphasizes the need to protect data at the algorithmic level, and not just through image storage. The importance of this approach lies in increasing security and reducing the risk of unauthorized access to personal information.

Methods for Deceiving Facial Recognition Systems: How Hackers Overcome Protection

Facial recognition systems are gaining popularity and are actively being implemented in various sectors. In 2020, the Prime cafe chain in Moscow introduced an innovative face-based payment feature that requires pre-registration of biometric data with the bank. Similar technologies are also being tested by major retailers such as Lenta, Perekrestok, and Pyaterochka. These solutions not only simplify the payment process but also enhance security, making them attractive to businesses and consumers. Facial recognition is becoming an important tool for improving customer experience and streamlining retail operations. However, the technology doesn't always function flawlessly. In 2020, an incident occurred on the Moscow metro in which the system mistakenly identified an ordinary passenger as a criminal. This led to his detention pending investigation. Such incidents raise questions about the reliability of facial recognition technologies and the need to improve algorithms to minimize the likelihood of errors and protect citizens' rights.

Facial recognition systems on Apple devices are also facing setbacks. In 2019, at the Black Hat USA conference, researchers demonstrated a method for bypassing Face ID. This method allowed an attacker to access an iPhone in just a few minutes using only glasses, tape, and a sleeping user. This highlights the vulnerabilities of modern security technologies and the need for their continuous improvement.

Research confirms that Face ID does not collect full 3D data from the area around the eyes when recognizing a wearer wearing glasses. Instead, the system focuses on a black area with a white dot, which symbolizes the iris. This limitation may impact recognition accuracy, especially in low-light conditions or when wearing certain types of frames. Face ID remains one of the most reliable biometric authentication technologies, but users should be aware of how the system performs in different conditions.

Researchers exploited a vulnerability in the Face ID facial recognition system by covering the lenses of ordinary glasses with black tape with a slit for the eye. They then placed the glasses on the sleeping smartphone owner. This method demonstrated its effectiveness in fooling Face ID, highlighting the importance of protecting facial recognition technologies and their vulnerabilities.

Chinese hackers have introduced new, more sophisticated fraud methods using deepfake technologies to create fake identities. They used these technologies to file false tax returns on behalf of non-existent employees. As a result of their activities, they managed to "earn" more than $76 million over three years. This scheme highlights the growing threat of cybercrime and the need for stronger security measures in financial controls and tax administration.

Hackers use a variety of methods to bypass facial recognition systems. One of the most common is to use photographs or videos of people without their consent. This can be done using social media or CCTV cameras. Some attackers use deep learning technologies to create fake faces that can fool recognition systems.

Furthermore, hackers may use special masks or projections to distract systems from the real face. Such masks can be made of high-quality materials that mimic facial features, making identification difficult. Image manipulation techniques, such as changing the angle or lighting, are also used, which can lead to incorrect recognition.

It is important to note that facial recognition technologies continue to evolve and become more sophisticated every year. However, hackers continue to find new ways to bypass these systems, highlighting the need for constant updating and improvement of security technologies.

Hackers use a variety of methods to deceive systems, including the use of masks, deepfake technologies, and vulnerabilities in facial recognition algorithms. These approaches allow attackers to bypass security mechanisms and access sensitive information. Attack methods are becoming increasingly sophisticated every year, requiring constant security upgrades and the development of new technologies to protect against cyberthreats.

Modern facial recognition technologies raise numerous security concerns. These systems use complex algorithms and artificial intelligence to identify individuals by their faces, making them popular in various fields such as security, identification in public spaces, and service personalization. However, along with their benefits, there are also risks.

The main concerns relate to the potential for data misuse, personal information leaks, and privacy violations. Many experts emphasize that inadequate data protection can lead to fraud and other crimes. Furthermore, facial recognition technologies are prone to error, creating the risk of misidentification and potential consequences for individuals.

Therefore, despite the benefits of facial recognition technologies, security and ethical issues must be carefully considered to minimize risks and protect users' personal information. Companies and organizations implementing such technologies must adhere to strict security standards and ensure transparency in their data use.

Modern facial recognition systems have made significant progress, but they still have vulnerabilities. Regular updates and improvements are necessary to improve the security of such technologies. It is important to consider that, despite their effectiveness, systems can be susceptible to attack and manipulation. Therefore, continuous improvement of algorithms and the introduction of new security methods play a key role in ensuring the reliability of facial recognition.

For more detailed information on the security of facial recognition technologies, we recommend studying the materials on the NIST and Kaspersky websites. These resources offer up-to-date data and research regarding the reliability and security of facial recognition systems. Understanding the security aspects in this area will help you better navigate the potential risks and benefits of these technologies.

Effective Combat against Deepfakes: Challenges and Initiatives

With the development of artificial intelligence technologies, the problem of deepfakes is becoming increasingly relevant. These manipulations concern not only visual content, but also audio recordings. In 2016, Adobe introduced VoCo, an innovative platform that allows you to edit audio files, changing words and phrases as easily as in a word processor. This technology is based on the use of complex recurrent and convolutional neural networks that synthesize voice recordings by analyzing existing audio materials. Given the growing capabilities of content manipulation, it is important to understand the potential risks and ethical implications of using such technologies.

In 2019, Timur Bekmambetov and the Robot Vera team presented the Vera Voice project, which provides voice-overs for various media formats using artificial voices. This innovative system can be used to create voiceovers for TV series, video games, and even send greetings in famous voices. The project demonstrates the growing accessibility of deepfake technologies and opens up new possibilities in media and entertainment.

Creating a high-quality deepfake requires significant computing resources and time to train models. However, modern open-source solutions are making this technology accessible to a wider audience. This raises serious concerns among researchers and government organizations seeking effective methods to counter emerging threats related to image and video manipulation. It is important to develop strategies and tools to protect against potential deepfake abuses to minimize the risks associated with disinformation and privacy violations.

Major universities such as Stanford and Binghamton, as well as leading tech companies including Facebook, Microsoft, and Intel, are actively developing deepfake detection technologies. In 2019, California passed the world's first law regulating deepfakes, prohibiting the manipulation of people's perceptions using artificial intelligence. These efforts aim to protect the public from misinformation and the misuse of technology. In light of the growing threat posed by deepfakes, researchers and lawmakers are striving to create a safe digital environment where information remains accurate and technology is used ethically.

In Russia, the Ministry of Internal Affairs announced the creation of a deepfake detection system known as "Zerkalo." The system was expected to be completed by November 2022. However, experts express doubts about its effectiveness, citing the limited budget of 4 million rubles allocated for the project. Developing this technology is important for combating fake news and disinformation in the digital space, but insufficient funding could negatively impact its functionality and successful implementation.

Maria Chmir, CEO of Deepcake, a startup developing face-swapping technology, notes that the allocated funds are insufficient to develop a high-quality and effective solution. This underscores the importance of funding and investment to successfully combat the threats posed by deepfakes. With image manipulation technologies becoming increasingly popular, it is crucial to ensure sufficient resources are available to create robust protection tools against such content.