The banking password may be about to expire — forever.
Some of the nation’s largest banks, acknowledging that traditional passwords are either too cumbersome or no longer secure, are increasingly using fingerprints, facial scans and other types of biometrics to safeguard accounts.
Millions of customers at Bank of America, JPMorgan Chase and Wells Fargo routinely use fingerprints to log into their bank accounts through their mobile phones. This feature, which some of the largest banks have introduced in the last few months, is enabling a huge share of American banking customers to verify their identities with biometrics. And millions more are expected to opt in as more phones incorporate fingerprint scans.
Other uses of biometrics are also coming online. Wells Fargo lets some customers scan their eyes with their mobile phones to log into corporate accounts and wire millions of dollars. Citigroup can help verify 800,000 of its credit card customers by their voices. USAA, which provides insurance and banking services to members of the military and their families, identifies some of its customers through their facial contours.
Some of the moves reflect concern that so many hundreds of millions of email addresses, phone numbers, Social Security numbers and other personal identifiers have fallen into the hands of criminals, rendering those identifiers increasingly ineffective at protecting accounts. And while thieves could eventually find ways to steal biometric data, banks are convinced they offer more protection.
“We believe the password is dying,” said Tom Shaw, vice president for enterprise financial crimes management at USAA, which is based in San Antonio. “We realized we have to get away from personal identification information because of the growing number of data breaches.”
Long regarded as the stuff of science fiction, biometrics have been tested by big banks for decades, but have only recently become sufficiently accurate and cost effective to use in a big way. It has taken a great deal of trial and error: With many of the early prototypes, a facial scan could be foiled by bad lighting, and voice recognition could be scuttled by background noise or laryngitis.
Before smartphones became ubiquitous, there was an even bigger obstacle: To capture a finger image or scan an eyeball, a bank would have to pay to distribute the necessary technology to tens of millions of customers. A few tried, but their efforts were costly and short-lived.
Read the Remainder at NY Times
A group of German researchers from ADAC have published their work on extending last year’s amplification attack that let thieves steal Priuses with a $17 gadget that detected your key’s unlock signal and amplified it so it would reach the car.
The researchers have shown that at least 24 different car models from 19 manufacturers are vulnerable to this attack, and can be unlocked and driven away with cheap, easy-to-make radio amps.
The researchers say that thieves are already using this method to steal cars, and point to the surveillance video above as an example of a real-world theft.
Audis have had a similar, unpatched vulnerability for at least five years — though its details have never been revealed because Volkswagen threatened to sue the researchers who discovered it.
Here’s the full list of vulnerable vehicles from their findings, which focused on European models:
the Audi A3, A4 and A6, BMW’s 730d, Citroen’s DS4 CrossBack, Ford’s Galaxy and Eco-Sport, Honda’s HR-V, Hyundai’s Santa Fe CRDi, KIA’s Optima, Lexus’s RX 450h, Mazda’s CX-5, MINI’s Clubman, Mitsubishi’s Outlander, Nissan’s Qashqai and Leaf, Opel’s Ampera, Range Rover’s Evoque, Renault’s Traffic, Ssangyong’s Tivoli XDi, Subaru’s Levorg, Toyota’s RAV4, and Volkswagen’s Golf GTD and Touran 5T. Only the BMW i3 resisted the researchers’ attack, though they were still able to start its ignition. And the researchers posit—but admit they didn’t prove—that the same technique likely would work on other vehicles, including those more common in the United States, with some simple changes to the frequency of the equipment’s radio communications.
Read the Original Article at BoingBoing