All locks face three main security vulnerabilities. Security varies greatly from product to product, but especially from the style of the locking mechanism. In the case of biometric locks, the locking mechanism is electronic, with a system that measures a wide variety of biological characteristics.
This is vastly different from a standard lock you are would find on the front door of most homes and businesses. But just how different are these two types of locks? And how do their vulnerabilities stack up against each other?
Most physical security hardware can be broken open. However, violent or destructive entry is more difficult to use on a biometric lock. In order to open a standard lock, you can simply drill out the lock cylinder and open it with a screwdriver.
Biometric locks do not use a pin tumbler system, so this attack does not work. Anti-drill plates and pins in standard locks add more protection, but they can still be overwhelmed in this way, where biometric locks cannot.
Destructive entry methods for biometric locks are more complicated. And if a biometric lock is securing digital data, breaking the device, may also destroy the desired information. When it comes down to ease of forced entry, it is much harder to effectively break a biometrically locked door open.
Covert entry is almost undetectable to the naked eye, but it can be discovered with forensic investigation. These types of attacks are most common in standard locks. Something like a bump key or lock picks, leave scratches and impressions on the internals of the lock.
Because there is no physical keyway for a biometric lock, common covert entry methods are not applicable. However, if a biometric lock’s housing was disassembled and then reassembled, this might leave detectable marks on set screws or the lock housing.
It may also be harder to know to look for signs of covert tampering with biometric locks if the intention was something other than opening the door. For example, new ransomware attacks and data collection software are popular installations to biometric locks.
Surreptitious entry is when there is no way to detect any illegal or unauthorized opening of the lock. In terms of surreptitious entry, there is no way to even forensically identify lock tampering.
With biometric locks, there are certainly some widely publicized methods of surreptitious entry, but they are not easy for just anyone to pull off successfully.
A standard lock could have a key copied, stolen, or the lock could just be left open. Copying a biometric key is much more difficult, but still very possible.
Once this type of method is used on any lock, you will need to change authorization. For standard locks, the simplest way to do this is by rekeying or replacing locks affected by the attack. For biometric locks, they can simply be reprogrammed.
The main concern with biometric locks is the threat of software attacks. If the biometric lock you are using does not have decent cyber security, then hackers can override your lock’s functions without the need for physical biometric confirmation. This can also be done remotely if the biometric lock is part of an internet iterated system.
Theoretically, a criminal targeting you could know how to make the perfect copy of a fingerprint from a water glass, and some rubber cement. But it is highly unlikely. It is more likely for a standard door lock key to get lost, stolen, or copied. As for the so-called “danger” of false acceptance for biometric locks, this is largely untrue.
Biometric locks have a whole host of separate concerns than a standard lock. Some vulnerabilities are the same, but those that vary are often simpler to use on the standard lock types. It is also harder to leave your biometric keys lying around, so forgetfulness and neglect are less likely to result in a loss of access control. To find out the best type of lock for your needs, you should always determine the threats that your security faces.