Aussie Kids Foil Finger Scanner With Gummi Bears 303
mask.of.sanity writes "An Australian high school has installed 'secure' fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance.
The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatin, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatin has virtually the same capacitance as a finger's skin."
Next up... (Score:5, Insightful)
And the kids circumvent it by keeping the gummy bears in their pockets on the way to class.
Once again, a "foolproof" system proves to be only as useful as the fool who invented it.
The Future is Secure (Score:5, Insightful)
Let's see... (Score:5, Insightful)
* You have to buy a new system and probably sign a support contract for it
* It ties up personnel with deployment
* It doesn't work any better than the old system
* It raises significant privacy issues not present in the old system
* It raises huge data security and disposal issues not present in the old system
* Adding a new student is more invasive and time consuming than in the old system
* Fingerprint biometrics can track an arbitrarily large set of individuals...but they can only distinguish a few hundred
Yep, that sounds like a textbook example of educational bureaucracy.
The Future is FAR from Secure (Score:3, Insightful)
I agree that its a stupid and lazy approach. But there is only so much you can do to "make it compelling" until reality sets in that discipline is necessary for children.
The oldest approach is still the best - have teachers (and not machines) who **recognize** kids conduct roll calls.
Re:Next up... (Score:5, Insightful)
As far as the human body goes, there are only a few things that are really "constant." Exposure to allergens or illness change the voice enough that it will fail vocal characteristic matching. Taking biometric readouts of a facial structure fails the moment someone has a serious traffic accident, gets any sort of illness that causes facial swelling, or simply grows out their facial hair.
Fingerprints? I think we've done that one pretty much to death.
The best suited is probably retinal or iris scanning, but even those have issues. Retinal scanning fails on any number of degenerative disorders affecting the blood flow, like diabetes and glaucoma. It also fails to properly record and identify on people with moderate to severe cataracts and astigmatism. There are also some pretty hefty privacy issues with retinal scanning, since it can be used to diagnose a number of diseases and conditions - AIDS, syphilis, a number of other STD's, malaria, chicken pox, hereditary diseases like lymphoma and anemia, and even pregnancy.
Iris scanning will fail to recognize due to tinted glasses or cosmetic contact lenses, and it'd be pretty easy to spoof them with a contact lens "printed" to someone else's pattern that is opaque around the ~750nm wave band that most NIR (Near Infrared) scanners use - and the reason they predominantly use NIR is that if you don't pick that specific band, light reflections from the cornea throw enough noise into your scan image to make it virtually unusable. For the really cheap-ass iris scanners, a suitable high-quality picture of someone's eye may even be sufficient to spoof.
And of course, both retinal and iris scanners will fail out if they don't have an incredibly controlled environment - stick a retinal or iris scanner in an area with bright sunlight or inconsistent lighting, and you may as well just chuck the thing out the window, because iris contractions to open/close the pupil will make your scan worthless.
Of course, you could put a hooded structure that people have to stick their eyeball on to look into in order to get scanned. That'll last all of about 2 days before some prankster gets the idea to smear some india ink or something else around the edge of the eyeball viewer...
Re:Next up... (Score:5, Insightful)
I can just see it now. Next they come up with one to detect "body heat" in the finger.
Or they just try to ban gummi bears. If they're coming up with a stupid fingerprint scanner, these are obviously the typical school administrators, cut from the same cloth as those who gave their students laptops and didn't tell them they'd be watching them through the webcam at all times, adding to the contraband list is probably going to be their first reaction. Maybe if the ban fails miserably, they'll just tattoo barcodes onto their foreheads.
I suspect the public would not be so willing to accept encroaching police states and governments slowly taking away our rights if schools had to actually justify shit like this to the students.
Re:Next up... (Score:5, Insightful)
Re:Next up... (Score:5, Insightful)
Re:Next up... (Score:4, Insightful)
so RFID under the skin it is then....
Re:Next up... (Score:5, Insightful)
Easy, just scan people as they walk by, record their numbers and get yourself an adjustable implant. You could change identities whenever you please. That is probably the easiest to spoof of all.
Re:The Future is FAR from Secure (Score:3, Insightful)
Kids in some areas of the world willfully walk miles to school every day. Why? because they are learning. In America, our schools force our students to memorize arbitrary facts in arbitrary order with no regard to context or meaning. This is problematic because the brain is typically terrible at memorizing out of context, out of order, arbitrary information, we have a very small capacity for it. On the other hand, it is possible to cover several weeks of math in a single day, and the students will enjoy and remember it, it is is conceptual, in proper context, and useful. I learned partial fraction decomposition 4 years ago, and just learned a use for it today in differential equations. All you have to do to compel students to attend school is to teach them, instead of screaming at them to memorize totally pointless bullshit while eating shitty food, being told what they are allowed to say and where they have to be every minute of the day, even when they are allowed to go to the bathroom, and they can be arrested for being physically attacked. Of course truancy is a problem in this bullshit hell of a system.
Support real education reform. Well educated children don't need strict discipline, because they know better, they understand why it is bad to do X action. But if you just scream at them "OBEY ME OR SUFFER!" of course they are going to be angsty and rebellious. What an insensitive clod.
Called me old fashioned (Score:2, Insightful)
Matt? "Present Miss" (Score:5, Insightful)
"Here Miss"
"Peter?"
"Present Miss"
"Well it looks like everyone who's going to be here is here already, let's get started!" She thought knowing full well that a few of the students skipping the class will be reported to the principle yet again.
Fingerprints? Really? Whatever is wrong, it's not the fault of the system that has served us for hundreds of years, and doesn't need some stupid technology to fix it.
Re:Next up... (Score:5, Insightful)
There's one, worse problem. Compromised credentials can't be changed. Only revoked. So someone somehow acquired your retina scan... sorry, Your credentials as compromised have been revoked, you're fired, come back when you get new retinas.
Re:The Future is FAR from Secure (Score:5, Insightful)
That being said, I understand your broader point and agree somewhat. Education has to be relevant, it should be interesting, and it shouldn't be one-size-fits-all. However, if we're honest we have to admit that that kind of system is expensive, demands teaching excellence, is hard to assess, and complicated to run. The US has over 60 million students in primary and secondary schools - that's an enormous population. There are a lot of problems with education in the west - most of them related to broader social issues like violence, poverty, ignorance et al - but it’s not nearly as bad as some of us seem to feel. There is a logic to a lot of the problems you’re complaining about and while matters could possibly be dealt with in better ways it’s going too far to claim the system itself is bullshit hell.
Is it really that difficult? (Score:2, Insightful)
Re:Next up... (Score:5, Insightful)
Re:Next up... (Score:5, Insightful)
How about "education"? (Score:5, Insightful)
If the problem with cards was that people were swiping their friend's cards, and the problem with fingerprints is that they're faking them, then the problem seems to be a social one.
As noted, there's no technical solution that will keep motivated teenagers at bay.
Kids Are Alright (Score:4, Insightful)
While school kids may yet learn to scam extra lunches and play hooky through the use of gummi candy biometrics, the headline is bogus. None of the linked articles reported that any kids anywhere are doing anything with gummi bears except fucking up their teeth.
Re:Next up... (Score:4, Insightful)
Re:How about "education"? (Score:5, Insightful)
If the problem with cards was that people were swiping their friend's cards, and the problem with fingerprints is that they're faking them, then the problem seems to be a social one.
As noted, there's no technical solution that will keep motivated teenagers at bay.
Yes there is -- at least, if your goal is that they be in class: have the teacher check who's there in the first minute of the lesson. Loads of schools in Britain use some kind of electronic system to do this (there are various manufacturers). Of course, it takes some time at the start of the lesson, so why not combine the two systems? Have the swipe card system, and then a message to tell the teacher "22 students have registered for this class". She can then verify this.
(I had a friend at a different school back in 2002 with the swipe card system. He made money by charging other students to swipe their cards before class. Many of these students could afford this since they were paid to go to school [wikipedia.org].)
Re:Matt? "Present Miss" (Score:5, Insightful)
Actually, it's even easier than this. At the school I work for the teachers know what the students look like and what their names are. If one of the seats in the classroom is empty, usually it means a student is missing. If another student tries to impersonate someone you can tell by looking at them. So far this system is working pretty well. I'm pretty sure it's cheaper than a fingerprint scanner too.
Re:Next up... (Score:5, Insightful)
Re:Next up... (Score:3, Insightful)
Actually, what the Mythbusters found was that their high end fingerprint lock, which claimed to check for pulse, heat and capacitance, could be fooled with nothing more than a (moistened) photocopy of a finger.
Laptop scanners fared better, but the door ones seem to be security theatre.
Re:Next up... (Score:3, Insightful)
Re:How about "education"? (Score:3, Insightful)
In that case the system has failed to meet the stated requirements: ensuring attendance.
UK schools dont rely on this, they rely on teachers actually recognising who they are teaching. Simple method, requires a bit of brainpower from the teacher though.
Re:Next up... (Score:1, Insightful)
The technology to uniquely identify and authenticate an individual is going to get better, and it is going to become harder for the average person to forge and use an alternative identity.
I have no intention of "forging" an identity, my aim is anonymity.
Unfortunately, the same technology that is being developed for authentication will also be applied to identification and tracking.
Sounds like the time for the IR LED Hat [hacknmod.com] is quickly approaching.
Perfect Solution (Score:3, Insightful)
Re:How about "education"? (Score:5, Insightful)
Agreed.
Honestly what is it with all this concern about truancy.
Just let the idiot kids skip a lot and fail. They can enjoy working as a lower class minimum wage bum. Stop making life a Pain in the Arse for the others that actually care about their education.
MY 18 year old was floored when she said, "Dad will be upset with my grades this semester"... and I responded with, "You are in college on student loans. I'm not the one that needs to be upset. In fact I don't care if you blow off school. You will be the one that cant get a job and have a nice big debt over your head. I'll be disappointed, but you are an adult, if you want to screw up your own life... feel free to do so!"
It changed her attitude overnight. Suddenly stopped partying with friends all the time and now is paying attention. Nothing like smacking your kid in the face with the carp of reality to wake them up.
Honestly, let the loser kids that do not want to learn to skip or drop out. The world needs septic tank cleaners.
Re:How about "education"? (Score:4, Insightful)
takes even less time if the kids have assigned seats. Not difficult to see that Bobby's desk is empty. Not a big hit with the kids, but effective.