Fingerprint Scanners Still Easy to Fool 378
Anlan writes "A Swedish student wrote her Master's thesis about current fingerprint technology. After a thorough literature study some live testing took place. Simple DIY fingerprint copies were used (detailed how-to in the thesis). Have current commercial products improved as much as proponents claim? Well, this qoute from the abstract says it all: 'The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint. Nine different systems were tested at the CeBIT trade fair in Germany and all were deceived. Three other different systems were put up against more extensive tests with three different subjects. All systems were circumvented with all subjects' artificial fingerprints, but with varying results.' You can guess how happy the sales people at CeBIT were - most systems claim to be spoof proof..."
fix? (Score:2, Interesting)
So you can expect... (Score:3, Interesting)
Re:fix? (Score:5, Interesting)
fingerprints at all... (Score:5, Interesting)
Who cares about the scanners when the real problem lies in something entirely different?
Re:fix? (Score:3, Interesting)
Lo-tech method (Score:4, Interesting)
Re:fix? (Score:3, Interesting)
-B
Re:Something you have and Something you know (Score:4, Interesting)
None of the companies that manufacture biometric scanning technology can implement that without running afoul of the patent.
And the amount this shyster company is asking for is ludicrous. Hence, that kind of system is never used.
Re:fix? (Score:3, Interesting)
How many people would want to live at work every time they get the flu? Someone would let them out eventually, but it makes thing harder. And I can rub the gelatin mould in my hand, to warm it up.
The CIA will love this (Score:4, Interesting)
even if they did work (Score:3, Interesting)
Accidental Discovery (Score:5, Interesting)
Story (Score:4, Interesting)
Just thought I'd mention it. :) The story also had "heavy water fusion batteries" 4 years before the world learned the term "cold fusion". This was back in 1985 before my creativty was destroyed by life and career and reality television.
Re:Accidental Discovery (Score:4, Interesting)
Fastforward to years later, I have to get a security clearance, and therefore have to get fingerprinted... So I asked the cop about this sort of situation.
He told me that if they can't let a suspect go until they can ascertain his/her identity. So it's in the suspect's best interest to have printable fingerprints.
Obviously this cop wasnt very forthcoming with answers for all possible situations, but I would assume that if your prints have to be scanned to open some sort of security mechanism or to obtain access to a secure area, you have to have readable fingerprints, otherwise you're S.O.L.
(OT side note: at that summer job, I also learned that egg incubator facilities have to employ specially trained Japanese sex differentiators, and that the best ones all come from Japan, with a less than 1% margin of error -- they pick up each chick, and look at its ass, then put it on the male or female conveyor belt. Don't ask me what they look for to make the difference between males and females, they never told me.)
How about incorporating pulse oximetry (Score:2, Interesting)
Not conclusive... (Score:2, Interesting)
In order to get the latent prints (from which the 'fake' prints are created), the experimenters had their subjects wipe their finger on their nose (to make the latent prints easier to capture), had them press their finger on a glass platen, and even checked if their fingers had scars (if so, they chose another, better finger).
With this kind of cooperation and preparation, no wonder they beat the systems. As anyone knows, once you have someone on the inside you can break any security system.
In the real world, latent prints are blurred, not defined; smudged, not clean; and might not even be the finger the user has enrolled in the fingerprint device itself. Fingers don't come with labels like 'index' or 'thumb'.
Again, if the experimenters retrieved their samples from a dirty beer glass in a smoky bar I'd be more concerned, but...they didn't. The world of the lab is a lot different from the real world.
Let's take these reports in context, fellow Slashdotters.
In any case, I say we argue for fingerprint devices that protect fingerprint templates by matching and storing them on-board a device that you carry with you as another reply mentioned, where the fingerprint templates are encrypted or protected.
Re:Airport Police (Score:5, Interesting)
I think you missed his point, Dook"43".
He did not say that efforts to stop terrorism shouldn't be made, only that the efforts that are currently being made are pure PR fluff. Having M16 armed national guardsmen at airports was absurd. What were they supposed to accomplish? In any instance, opening fire with a machine gun in a crowded airport lobby would kill far more innocent people than terrorists. Not to mention, just how were these guardsmen supposed to tell if someone was a terrorist, before blowing themselves up or driving an explosive laden vehicle into the terminal?
Lets talk about other "safety" measures:
1) Turn all airport screeners into government employees. Well, now our dear TSA is moving to recertify airports to use private screeners.
2) Even with government screeners, security is like tissue paper. I attended a conference last week, and one of the vendors was giving out "swiss army" type knives, 5 blades + corkscrew, etc. He told me he had dumped a box 50 of these into his bag, and at the last minute decided to carry that bag on instead of checking it. He didn't even remember that the box was in there until he was in the air. He stayed quiet about it until after he landed, because he didn't want to get stuck somewhere in middle america. Security never even noticed. (BTW, he said he did report it to airport security after he landed and was outside the secured zone.)
If we are going to be serious about security follow El Al's proceedures, most of which are deliberately kept very quiet and out of the public view. Instead the current administration follows a typical american penchant to do something, anything that makes a lot of noise and is very visible for "feel good" moments, but which accomplish either nothing, or the opposite of what they are supposed to.
Re:They'll stay to raise the threshold... (Score:3, Interesting)
It's even easier than that. (Score:5, Interesting)
A friend of mine in the office has some sort of skin condition which causes his hands to produce very acidic sweat. It's acidic enough to buff the leather on his steering wheel and gear shifter. His fingers will erase the letters off the keys on some keyboards (I assume some keyboards use better quality ink that is more resistant). Coffee mugs with cheap paint on them suffer the same fate on the handles.
This person can open any fingerprint-protected laptop in the office (we bought a bunch of these from some company who was beta-testing them, they are now out of production) and make it boot. He just smears his fingertip onto the sensor and wiggles it a little bit, and the machine accepts it as an authorized print.
These fingerprint detectors are of the capacitance-coupling variety. I don't know if the same trick works with the other fingerprint sensor technologies.
Is it possible to fool iPaq fingerprint scanner?? (Score:2, Interesting)
Re:Airport Police (Score:2, Interesting)
Probably the same way people put up with political bullshit on Slashdot.
They either ignore it or have a knee-jerk reaction.