Doctors Bypass Biometric Scanners With Fake Fingers - Slashdot

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

×

Doctors Bypass Biometric Scanners With Fake Fingers 139

Posted by Soulskill on Friday March 15, 2013 @01:43PM from the no-technology-can-trump-laziness dept.

jfruh writes "At a Brazilian hospital, doctors were required to check in with a fingerprint scanner to show that they've showed up for work. Naturally, they developed a system to bypass this requirement, creating fake fingers so that they could cover for one another when they took unauthorized time off. Another good example of how supposedly foolproof security tech can in fact be fooled pretty easily."

This discussion has been archived. No new comments can be posted.

Doctors Bypass Biometric Scanners With Fake Fingers

Search 139 Comments Log In/Create an Account

Comments Filter:

An important reminder... (Score:5, Interesting)

by fuzzyfuzzyfungus ( 1223518 ) writes: on Friday March 15, 2013 @01:52PM (#43184421) Journal

In addition to being a reminder that the people with a hard-on for 'biometrics' are either morons(Here you go, you were born with only ten passwords, so don't lose them!) or primarily interested in surveillance and tracking, or both; this is a useful reminder that 'security' is a system of interlocking parts Not a product you buy from your Solutions Vendor(tm) and set-and-forget.
We have the one doctor, who was caught with the fake fingers, along with at least three others who were ghosting through their shifts. She claims that they leaned on her, threatened her job if she refused to help with the con, they probably claim that she was in on the con and was absent on other days. Regardless of which of those is true, how many other people at the hospital would be in the position to notice whether or not a doctor is present and doing stuff? Probably more than a few. The front-desk servitors had to know what patient flow looked like, restock requests for supplies in various exam rooms can't have looked right, there are a lot more details than the punch-card machine here. This hospital isn't so much suffering from a 'fingerprint scanners are oversold' problem; but a problem with either massive cheating and/or apathy toward cheating, or unaccountable abuse of authority to suppress people who could have blown the whistle.

Share
twitter facebook
Re:"supposedly foolproof security tech" (Score:5, Interesting)

by Let's All Be Chinese ( 2654985 ) writes: on Friday March 15, 2013 @02:08PM (#43184633)

You'd have to be a right fool to be unable to fool these things [slashdot.org]. As in the link, as here, the application has very little to do with security. It's a people problem, and you can't fix those solely with technology.
Worse, treating it as a technical problem and attacking it with security kit gives a strong signal to your own {doctors,pupils,*} that they're all criminals and need to be treated as such. This in turn creates a powerful incentive to game the system.
What we have here is an incompetent administration trying to fix their mess through shitting on their underlings some more, using technology. Underlings know and dislike this.
And so gaming the system is what they'll do. This quite apart from biometrics being inappropriate everywhere but in criminal forensics. Be careful what you ask for and all that.

Parent Share
twitter facebook
Biometric system is insecure by design (Score:5, Interesting)

by jd659 ( 2730387 ) writes: on Friday March 15, 2013 @02:13PM (#43184701)

It surprises me that many debate the “security” of the fingerprint scanners while omitting the major flaw of any biometric system – it is not revocable. You cannot simply reset someone’s fingertips if the system for that instance has been compromised. With pretty much all other authentication there’s some mechanism to delete the bad entry: a password can be reset, a certificate can be revoked, a compromised key can end up in the black list, etc. None of this is possible with any biometric system. Even if it takes an elaborate trickery and a lot of resources to duplicate a finger, a hand, or a mockup of the retina scan, once it’s done, it cannot be “cancelled” at the biometric system level.

Share
twitter facebook
Re:Retina Scanners... (Score:5, Interesting)

by Vicarius ( 1093097 ) writes: on Friday March 15, 2013 @02:29PM (#43184887)

Pulse detector can be fooled too. Check the end of this presentation, where he tried different molds and techniques, and finally succeeds opening a safe that detects pulse using a fake fingerprint: DEFCON 19: Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes [youtube.com].

Parent Share
twitter facebook
Re:Biometrics are not secrets. (Score:1, Interesting)

by Terkanil ( 1533411 ) writes: on Friday March 15, 2013 @02:36PM (#43184951) Homepage

Biometrics are not difficult. Others have commented on this as well. For demonstrations with Biometrics, there's an episode of Mythbusters that is right up you're alley. They laughably show how easy it is to bypass multiple biometric options.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

Save the whales. Collect the whole set.