Doctors Bypass Biometric Scanners With Fake Fingers - Slashdot

Follow Slashdot blog updates by subscribing to our blog RSS feed

×

Doctors Bypass Biometric Scanners With Fake Fingers 139

Posted by Soulskill on Friday March 15, 2013 @01:43PM from the no-technology-can-trump-laziness dept.

jfruh writes "At a Brazilian hospital, doctors were required to check in with a fingerprint scanner to show that they've showed up for work. Naturally, they developed a system to bypass this requirement, creating fake fingers so that they could cover for one another when they took unauthorized time off. Another good example of how supposedly foolproof security tech can in fact be fooled pretty easily."

This discussion has been archived. No new comments can be posted.

Doctors Bypass Biometric Scanners With Fake Fingers

Search 139 Comments Log In/Create an Account

Comments Filter:

Biometrics are not secrets. (Score:5, Insightful)

by Anonymous Coward writes: on Friday March 15, 2013 @01:47PM (#43184363)

All the security experts who think that biometrics are the end-all-be-all of security are mistaken. Biometrics are not secrets, so once one knows your biometric id, they can impersonate you and you can't change your password!

Share
twitter facebook
Re:Biometrics are not secrets. (Score:0, Insightful)

by Anonymous Coward writes: on Friday March 15, 2013 @01:55PM (#43184481)

You're a homosexual rapist?

Parent Share
twitter facebook
Re:Retina Scanners... (Score:4, Insightful)

by K. S. Kyosuke ( 729550 ) writes: on Friday March 15, 2013 @02:00PM (#43184553)

I think you mean iris scanners. Retina scanners are science fiction.
Why, you mean the doctors can't diagnose retina diseases because you can't see the retina through the pupil?

Parent Share
twitter facebook
Re:An important reminder... (Score:4, Insightful)

by Archangel Michael ( 180766 ) writes: on Friday March 15, 2013 @02:06PM (#43184607) Journal

Technology cannot ever fix Sociological problems, it can only mask them.
We design technology in ways so that it routes around failures, and then wonder why it fails when humans do the same thing. You want to solve the problem of people not showing up for work, you fire them or put them on 2 week unpaid leave, or doc their pay, or whatever. If you aren't going to do anything about it, then stop making noise and let them skip out.
Why is this so hard?

Parent Share
twitter facebook
Re:Retina Scanners... (Score:5, Insightful)

by ShanghaiBill ( 739463 ) * writes: on Friday March 15, 2013 @02:15PM (#43184719)

Probably would have held out longer.
A fingerprint scanner with a pulse detector (which many have) would have been fine too. Any security system can be bypassed with enough effort, so you need to consider what you are trying to protect, and make sure bypassing security is more trouble than it is worth. A doctor who wants an extra day off will obviously make a fake finger, but may not go to the trouble of making a pulse generator.

Parent Share
twitter facebook
Re:An important reminder... (Score:4, Insightful)

by SirGarlon ( 845873 ) writes: on Friday March 15, 2013 @02:17PM (#43184759)

In addition to being a reminder that the people with a hard-on for 'biometrics' are either morons
There's a difference between 'uninformed' and 'moronic.' Part of the problem with IT security is that it's full of self-proclaimed experts who heap scorn on the uninformed instead of trying to educate them. You're not one of those, are you?

Parent Share
twitter facebook
Re:"supposedly foolproof security tech" (Score:5, Insightful)

by ackthpt ( 218170 ) writes: on Friday March 15, 2013 @02:17PM (#43184761) Homepage Journal

Let's face it, nothing will ever be secure as long as people are involved.
Time to start getting rid of them. ;)

Parent Share
twitter facebook
Re:An important reminder... (Score:3, Insightful)

by Anonymous Coward writes: on Friday March 15, 2013 @02:43PM (#43185019)

You educate your sociopathic boss who reads Wired and thus (thinks he) knows more about this stuff than you. You can't, and he now hates you because you "subverted his authority". Guess what? He's moronic.

At the other end of the spectrum: Go ahead and educate Johnny Salesman. His eyes glaze over, and he's now thinking about watching the big game with his Bud Lite in hand. He's not listened to a word you've said. You've wasted your time and his. Guess what? He's moronic.

The vast majority of people aren't us. The vast majority of people look at a black box and don't wonder how it works, what's inside it, or if it can be bypassed somehow. They look at a black box, and all they see is a black box. They only care enough about how it works to be comfortable enough with so they do not actively have to think about it. I'm all for the altruistic spread of knowledge, but the only thing that happens whenever you try to get people to genuinely think is that they typically come off hating you in the end.

Parent Share
twitter facebook
Re:Biometrics are not secrets. (Score:5, Insightful)

by Anonymous Coward writes: on Friday March 15, 2013 @02:45PM (#43185047)

So how would using a password-based system prevent the doctors from sharing their passwords with each other and continue slacking off?
That's a social problem. There is no technological solution. I repeat, technology cannot solve every problem. How do you solve this problem? Check once and a while. The guys daughter was listed as being there every day for three years and never worked a single day. The people who just trusted a glorified punch card machine instead of once verifying it in person should be fired too.

Parent Share
twitter facebook
Re:What? (Score:5, Insightful)

by DMUTPeregrine ( 612791 ) writes: on Friday March 15, 2013 @04:21PM (#43185867) Journal

NO!

Biometrics aren't a replacement for passwords, they're a replacement for USERNAMES. They provide a "something you have" factor to authentication, there still needs to be a "something you know."

Like usernames they aren't secret. They don't need to be secret, and they can be copied without ruining the security of the system. They don't need to be changed, and are unique to each user. Biometrics are great when used as usernames, and a security nightmare waiting to happen when used as a password.

Parent Share
twitter facebook
Re:Biometrics are not secrets. (Score:5, Insightful)

by swillden ( 191260 ) writes: <shawn-ds@willden.org> on Friday March 15, 2013 @10:26PM (#43188255) Journal

Biometrics are good for two categories of applications: Super high security, James Bond type stuff, and casual semi-security, where you want something to keep out the lazy but don't care that much. In between, they're broken.
They work great in high-security applications when you have a controlled environment, which generally means an attended environment -- a guard is standing there very carefully watching the scanning process, and the scanners and all of the support systems are tightly secured.
And they're fine in circumstances where you don't care very much.
In between, biometrics are not secrets, and the fact that some scanner reported an image which appears to match means very little.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

interlard - vt., to intersperse; diversify -- Webster's New World Dictionary Of The American Language