Question
Imagine I have an application which uses biometric-based authentication (such as a fingerprint). It takes its hash and sends it to the server. The server has a copy of the hash and compares the two.
Now I hack the server and steal the hash. Now I can bypass the fingerprint test. Moreover, let's say the hash wasn't that great (or it was and now computers are faster so I can do a brute force attack). Now I know the fingerprint so I can log into any system which requires it.
Had this been a password, we would have been advised to change the password; but in this case, what's the victim supposed to do, as he can't change his finger?
Explanation / Answer
Your question doesn't actually list the main security problems with biometrics, and the reason that they aren't actually used to secure anything valuable except as an additional mechanism after your normal 2 factors.
1) Biometric signatures are not unique
You can comfortably assume there are many people out there with fingerprints that will match yours to any degree measured by biometric fingerprint systems. This is why police cannot rely on fingerprints as evidence. The same goes for retina scans etc., so all biometric systems are tailored to assume false positives and negatives.
2) You cannot change them easily
Imagine an attacker finds someone with the same fingerprint as you, and you discover this. How do you change your fingerprint so they cannot gain access but you can? Aside from surgery etc., it really is not possible.
3) As John points out in the comment below, biometrics are not secret
So the first line of your question is actually incorrect. Biometric authentication systems are not secure. Instead, when used with a username and password, for example, they can increase the confidence the system has that you are the person you say you are.
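The following is an added example, not part of the original question or answer. It illustrates why the hash-and-compare scheme in the question cannot work on noisy readings and why a threshold matcher always trades false rejects against false accepts. It assumes a simplified model (a 256-bit template compared by Hamming distance); all names, noise ranges and data are constructed.

```python
import hashlib
import random

BITS = 256  # assumed template length; real template formats are vendor-specific

def capture(template, noise_bits, rng):
    """Simulate one sensor reading: the template with `noise_bits` bits flipped."""
    reading = list(template)
    for i in rng.sample(range(BITS), noise_bits):
        reading[i] ^= 1
    return reading

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def matches(enrolled, reading, threshold):
    """Threshold matcher: accept when at most `threshold` bits differ."""
    return hamming(enrolled, reading) <= threshold

def hash_survives_noise(seed=1):
    """Does an exact hash comparison still succeed after a single flipped bit?"""
    rng = random.Random(seed)
    enrolled = [rng.randint(0, 1) for _ in range(BITS)]
    return digest(enrolled) == digest(capture(enrolled, 1, rng))

def error_rates(threshold, trials=200, seed=1):
    """Return (false_reject_rate, false_accept_rate) over constructed readings."""
    rng = random.Random(seed)
    enrolled = [rng.randint(0, 1) for _ in range(BITS)]
    rejects = accepts = 0
    for _ in range(trials):
        # Same finger, noisy capture (assumed 5-60 differing bits).
        genuine = capture(enrolled, rng.randint(5, 60), rng)
        # A different but similar finger (assumed 50-110 differing bits).
        impostor = capture(enrolled, rng.randint(50, 110), rng)
        rejects += not matches(enrolled, genuine, threshold)
        accepts += matches(enrolled, impostor, threshold)
    return rejects / trials, accepts / trials

if __name__ == "__main__":
    print("exact hash matches after 1 flipped bit:", hash_survives_noise())
    for t in (4, 55, 110):
        frr, far = error_rates(t)
        print(f"threshold={t:3d}  false rejects={frr:.2f}  false accepts={far:.2f}")
```

Because the genuine and impostor ranges overlap, no threshold drives both error rates to zero, which is the trade-off the answer's first point describes.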