Business News

New hacking threats: Fingerprint reader vulnerabilities and sophisticated ransomware

Hack attack ahead
Hack attack ahead

A massive cyberattack that struck earlier this month has begun to slow, but experts warn there is more to come — including the ability to hack fingerprint readers.

"It is going to get worse before it gets better because we've becoming more reliant [on technology]… More sophisticated attacks will be hard to prevent," said Stuart Okin, a senior vice president of product at 1E, a cybersecurity firm that helps companies keep software up to date.

The latest hacking threats were WannaCry, , malware that takes over computers and servers to solve complex math equations that mine, or create, virtual currencies like Bitcoin. Ransomware locks up computer files and demands payment to get them back.

Each malware is known as a worm, malicious software that spreads from connected computer to computer without the user needing to click on a link or download a file.

These threats are currently targeting businesses, but consumers may face similar threats. The best protection is to buy software from legitimate sources, install updates, use anti-virus and firewall software, and back-up, according to Steven Grossman, vice president of strategy at Bay Dynamics, a cybersecurity analytics company.

"I don't think I would ever advise anybody to pay a ransom, but the reality is if you're caught losing your family photos, losing your financial information, and you have no backups, you may be in a difficult situation and try to pay it," Grossman told CNBC's "On The Money."

An N.Y.U. Tandon School of Engineering researcher demonstrates which prints could be matched.

You may think your fingerprint is unique, but hackers may be able to use vulnerabilities in smartphone fingerprint readers.

Researchers for New York University's (N.Y.U.) Tandon School of Engineering discovered masterprints, digitally altered fingerprints that could match many people's fingers.

"If I have this glove or fake hand with these master prints on it then I can unlock say 25, 30, 40 percent of phones," Professor Nasir Memon of N.Y.U. Tandon said.

Here is how it works: While each fingerprint is unique, the researchers said most smartphones only use small partial prints, which make the sensors easier to fool.

"When you take a small part of it, the uniqueness tends to go down," Memon said.

Complicating the problem, according to Memon, is that most smartphones store multiple prints of various fingers, and give you a few tries to unlock.

"It's as if I don't have to get in through one window, but 30 windows. Any one of them is left open, I'm in. To a security person, that's a problem," he said.

The team has yet to test the research on a real phone, but instead has used computer simulations.

Four of the masterprints that will match many fingerprints, according to N.Y.U. Tandon School of Engineering researchers.

"Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match…The probability of this happening is 1 in 50,000 for one enrolled much better than the…odds of guessing a typical 4-digit passcode," according to Apple's Touch ID Security website.

For Google's latest Android software, the fingerprint sensor, "MUST have a false acceptance rate not higher than 0.002 percent," according to its online guidelines.

Despite his research, Professor Memon still uses a fingerprint on his own smartphone.

"Fingerprints are very convenient. It's so nice that I just pick up a phone, I just put my finger on the start button and boom it unlocks," he said. However, he advised caution when using fingerprints for banking and large financial transactions.

And experts say using a fingerprint is better than using no lock on your smartphone.

"It's a matter of balancing security and convenience. How many locks do you want on your front door versus how much inconvenience do you want it to be when you enter?" Bay Dynamic's Grossman said.

On the Money airs on CNBC Saturday at 5:30 am ET, or check listings for air times in local markets.