Another Day, Another Data Breach

Symantec, a leading provider of software security, analyzed nearly 2,000 publicly-available software apps and discovered that over 75% of these had valid AWS tokens that allowed access to private AWS Cloud services. Of these, nearly half included legitimate AWS tokens that enabled full access to millions of private files through Amazon Simple Storage Service.

Further, biometric digital fingerprints and personal data (including names and birthdates) were exposed in the Cloud. Five mobile banking applications utilizing the SDK exposed over 300,000 biometric digital fingerprints. At the core of the issue is a third-party SDK for digital identification, used by banking apps on iOS, that was particularly vulnerable.

How Did This Happen?

Symantec identified three main sources leading to the problem:

• Developers who use susceptible external libraries and SDKs in the mobile apps
• Companies that outsource their mobile app development, resulting in vulnerabilities
• Larger companies with numerous app teams who use cross-team susceptible libraries

Could It Have Been Prevented?

Absolutely! In fact, it never would’ve happened with Imageware Digital ID, our decentralized, biometrically enabled blockchain identification solution. With Imageware Digital ID, credentials, including your biometrics, are stored in a Cloud vault, accessible on the edge, so that all processes and verifications, or potential breaches, monitoring, etc., only affect the edge credentials.

Because credentials are blockchain-bound, not centralized, one lost record does not affect any other. This means that if someone else’s credentials are stole, or their account is hacked, breached, or compromised, your information isn’t at risk. This can’t be said for centralized data solutions.

Enter Imageware Digital ID

With Imageware Digital ID, your biometric Cloud vault is only used to store your credentials. Your credentials can be sent to your local device and are encrypted at rest and in transit. Imageware Digital ID stores biometric identifiers and templates (used for biometric authentication) locally as platform-agnostic, decentralized verifiable credentials. In other words, your biometrics, which prove who you are, do not exist in a centralized system and are not at risk of being lost or stolen in cyber attacks against large data repositories. In fact, they are not stored anywhere EXCEPT in your biometric vault where they cannot be stolen or even viewed by another user.

Credentials can be matched at the point of use rather than at a backend service, further protecting you and your identity. Your digital wallet is only accessible with YOUR biometrics. Imageware’s patented synthetic biometrics, biometric fusion, and digital-self ensure your vault is secure and fully encrypted.

Cybersecurity is a moving target as hackers get creative to thwart security measures. The threats are evolving, you need to evolve with them.

Find out more about Imageware’s decentralized Digital ID here.