Many security measures aim to prevent threats in two categories: evasion and impersonation. In biometrics, the first scenario (evasion) is where an individual in some way obfuscates their biometric samples in order to avoid identification, such as by fingerprint mutilation or iris dilation. These are not terribly effective because they are highly detectable and, in the case of mutilation, irreversible.
The second scenario (impersonation) is one where a biometric sample is covertly obtained or fabricated by an impostor and somehow faked or “spoofed” to fraudulently gain entry or access to the rightful owner’s assets, just as they might through use of a stolen PIN, password, or credential. But while passwords can be changed and reissued to the genuine user, the inherent permanency of biometrics precludes them from being changed, and so the secure use of that biometric modality in the future is conceivably compromised, at least until the impostor is identified.
Spoofing or obfuscating a biometric requires skill and effort and is difficult to achieve without detection. While it is possible, it is difficult, unreliable, and ineffective in situations where biometric capture is multi-sample, multimodal, attended by an operator, or used with other security mechanisms. Improvements in “liveness detection” and other anti-spoofing techniques make most failure modes virtually impossible. Another technique is to issue “revocable” biometrics, which are encoded and matched only in an encrypted domain; they are secure and can be regenerated if compromised.
There have been relatively few documented accounts of successful fraudulent defeat of biometric security measures in a real-world system either to avoid identification or gain unauthorized access. Attempts are occasionally simulated and widely publicized, and so there tends to be an outsize perception of the threat of security holes posed by biometrics.
Virtually every security mechanism can be defeated with some degree of skill and effort, and biometrics are no exception. The security of biometrics should be considered in the context of their application in relative terms to other alternative security mechanisms. It is also important to use biometrics in concert with other security measures; no security mechanism should break down under a single mode of failure.