How to Think Like a Hacker for a Secure Business

Written by janvi

Cybersecurity blogger and hacking enthusiast

November 5, 2018

With every new innovation, hackers adapt to the new environment. As technology becomes more accessible, younger generations are taking up hacking simply for the challenge and thrill of it and, of course, for the added bonus of money and media attention.

For a second, imagine you were a hacker. What would you do? Look for holes in your security, right? Even if your company has the most secure system, it won't help if there are morally questionable employees.

In large businesses, different employees have different levels of security clearance. Make sure that you, your executives and other employees can trust those who hold a high clearance with sensitive information. Just one leak could cost millions of dollars.

To secure a business you can introduce various identity verification techniques, but criminals are getting smarter. So first, let's examine how a criminal might hack verification defenses.

Knowledge-Based Authentication:

Knowledge-Based Authentication determines how accurately an applicant answers questions about their consumer, financial or personal history. It requires knowledge of personal information to gain access to important documents or information. There are two types of Knowledge-Based Authentication: static and dynamic.

Static Knowledge-Based Authentication is based on shared secret questions. It has consistent answers to questions like “What was your first pet’s name?” Dynamic Knowledge-Based Authentication is based on answering questions drawn widely from personal information. The questions are ever-changing, for example, “What was your last deposit at Union Bank?”, and they are generated spontaneously in real time.

How Hackers Bypass KBA:

On the dark web, personal details such as Aadhaar numbers, birth dates and addresses can be purchased for a small fee. Hackers use this purchased information to bypass static verification systems when they are asked to input answers to verify and authenticate themselves.

Fingerprint Scanning Authentication (FSA):

FSA has been hailed as a highly effective tool for reliable identity verification. It relies on unique fingerprint patterns for the verification process. These patterns are saved as an encrypted biometric key. Each time, the presented pattern is compared with the pre-saved pattern in the system. If the patterns match, the fingerprint passes the verification process.

How Hackers Bypass FSA:

You might have thought FSA was unbreachable, but hackers found a way. They have overcome fingerprint scanning security measures by using photos of a finger. They put these photos through a publicly available software program to create an accurate thumbprint. Then they apply ordinary latex or white wood glue onto the printed photo and allow it to dry. Once it dries, the glue is carefully removed from the sheet. With this fingerprint dupe, hackers hack into accounts that are secured by this kind of biometric.


Voice-Recognition Authentication (VRA):

Voice recognition checks a user’s unique voice characteristics to determine their identity. It captures a speech sample from a user to create a baseline voice print. Once this baseline voice has been established, the user simply provides another speech sample for comparison.

How Hackers Bypass VRA:

Hackers bypass voice-recognition software by obtaining a voice sample of the user they are trying to target, and using it during the voice-authentication process. This will automatically give them access to the user’s account as the system cannot detect that the voice being authenticated is a recording.

Clearly, any kind of authentication is vulnerable. Hackers can easily overcome a lot of the typical barriers put in place for account security.

No kind of biometric is the solution either. So it’s better to avoid single-layered security approaches, which can easily be hacked by cybercriminals. To secure customer accounts, one should deploy a multilayered risk approach such as dynamic KBA, FSA, and VRA at once. Hackers are less likely to bypass multiple security measures than just one.
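To make the layered approach concrete, here is an added sketch (not code from the original post) of a dynamic KBA challenge feeding an all-layers-must-pass decision. The ledger data and function names are constructed for illustration, and the fingerprint and voice results are assumed to come from separate matchers that report a simple pass or fail.

```python
import hmac
from dataclasses import dataclass

# Constructed sample account history; a real system would query its own records.
LEDGER = {"alice": [("deposit", "Union Bank", "4200"), ("deposit", "Union Bank", "1250")]}

@dataclass
class Challenge:
    question: str
    expected: str
    used: bool = False

def issue_dynamic_kba(user):
    """Derive the question from the newest ledger entry, so the answer changes over time."""
    kind, bank, amount = LEDGER[user][-1]
    return Challenge(f"What was your last {kind} at {bank}?", amount)

def check_dynamic_kba(challenge, answer):
    """Accept one attempt per challenge and compare in constant time."""
    if challenge.used:
        return False
    challenge.used = True
    return hmac.compare_digest(challenge.expected.encode(), answer.strip().encode())

def layered_decision(kba_ok, fingerprint_ok, voice_ok):
    """Grant access only when every layer passes; report which layers failed."""
    results = {"dynamic_kba": kba_ok, "fingerprint": fingerprint_ok, "voice": voice_ok}
    failed = [name for name, ok in results.items() if not ok]
    return (not failed, failed)

if __name__ == "__main__":
    # Legitimate user: knows the latest deposit and passes both biometric matchers.
    ch = issue_dynamic_kba("alice")
    print(layered_decision(check_dynamic_kba(ch, "1250"), True, True))
    # Impostor who got past the voice check only: still denied by the other layers.
    ch = issue_dynamic_kba("alice")
    print(layered_decision(check_dynamic_kba(ch, "4200"), False, True))
```

Because the expected answer is read from the newest record when the challenge is issued, an answer bought or observed earlier stops working as soon as the account history changes.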
