Fingerprint Scanners Still Easy to Fool 378
Anlan writes "A Swedish student wrote her Master's thesis about current fingerprint technology. After a thorough literature study some live testing took place. Simple DIY fingerprint copies were used (detailed how-to in the thesis). Have current commercial products improved as much as proponents claim? Well, this qoute from the abstract says it all: 'The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint. Nine different systems were tested at the CeBIT trade fair in Germany and all were deceived. Three other different systems were put up against more extensive tests with three different subjects. All systems were circumvented with all subjects' artificial fingerprints, but with varying results.' You can guess how happy the sales people at CeBIT were - most systems claim to be spoof proof..."
Airport Police (Score:5, Insightful)
Re:Airport Police (Score:4, Funny)
Re:Airport Police (Score:3, Insightful)
Re:Airport Police (Score:5, Insightful)
The war on terror isn't about the terrorists, it's all PR.
Re:Airport Police (Score:3, Funny)
Gee! A little respect! These are hard working patriots, protecting the american public from multiple threats and dangers of all sorts!
Ts ts ts ts ts!
They enlist themselves and their kids to fight wars on terrors(TM) and defend democracy and freedom and the Values of Western Civilization(TM), at least we could show some respect to that Saintly Sacrifice!
Do you think it's easy to torture Iraqi people in order to liberate them?
Re:Airport Police (Score:5, Informative)
Granted, I'm not an American so maybe my perception is different, but the sight of nervous 19 year olds with M16s at Logan airport in late 2001 did not make me feel "protected".
Re:Airport Police (Score:3, Informative)
Granted, I'm not an American so maybe my perception is different, but the sight of nervous 19 year olds with M16s at Logan airport in late 2001 did not make me feel "protected".
Don't worry, I read in Bruce Scheiner's Beyond Fear that there are no bullets in the M16s, it would be way too dangerous. It's really just for the show.
Damn, the guys with these empty weapons must feel like complete morons.
Re:Airport Police (Score:3, Informative)
- the sight of nervous 19 year olds with M16s at Logan airport in late 2001 did not make me feel "protected".
How about the fact that the rifles you saw were unloaded [google.com]?Re: (Score:3, Insightful)
Re:Airport Police (Score:3, Insightful)
Agreed.
Bullshit. Aznar was voted out because he had done everything wrong, and the bombings showed conclusively that all the things that had been done to make everybody feel so much safer was a com
Re:Airport Police (Score:4, Insightful)
If the war on terrorism was about decreasing terrorism, the US wouldn't have invaded Iraq. Iraq had nothing to do with any terrorism, but they did have plenty of oil. You figure it out. You have to be seriously missing the plot if you can't understand it.
Re:Airport Police (Score:4, Insightful)
Re:Airport Police (Score:4, Insightful)
The war was a great idea if you want oil. Seeing as it's for one of the greatest oil reserves in the world, if you win, you get lots of oil. If you push the price up in the mean time, you've won even more. It's simple.
What about Donald Rumsfeld meeting Saddam - by your logic, he's as bad as Saddam, as he didn't punch his lights out.
"Your either with us or against us" is the most ridiculous, basic argument for attacking or praising anyone ever thought up. It's pure hype and BS. You have to be a right sucker to believe in it.
It is very hard to believe Iraq was a danger to the world. It had ridiculous weapons, a tiny army, and a leader hated by its military. It was as threatening as a dead bluebottle. If you can't see that, you've been suckered in by the pentagon, or you just missed the entire story.
Can you give specific examples of Saddam Hussein sponsoring terrorism? I guarantee you I can find even more showing Bush's support for terrorism...
Re:Airport Police (Score:5, Informative)
A significant factor in Afghanistan and Iraq was oil. You assert price as some sort of proof against it. But price increases are to the benefit of the producers, which the Bush family have been known to dabble in from time to time. As well as their family friends, the House of Saud.
The whole issue of invading an oil-rich country is to control it for the current set of Oil Barons. Bush's administration is packed with folks like that. (Duh.) Price is simply not an issue.
Iraq was no world threat. About the only sovereign place that would really find Iraq threatening was Israel. And the last time I checked, Israel wasn't the 51st American state, and had no legal representation in any American legislature. If there's anything to be said for American fears of being controlled by foreign interests, then why won't we deal with Israeli influence upon the American military?
As for criminal negligence, you are in direct hypocritical peril considering how much of that charge can be levelled at the American CIA, FBI and military command (specifically the Commander in Chief, whom you may have heard of) when 911 was being planned and executed. Libya is far more at fault for harboring terrorists, but after Bush's speeches on Afghanistan, Iraq, Syria, Iran and North Korea, you'll note a sound basis to my skepticism about Bush's due diligence. At any rate, any lax policy in Iraq about terrorist assholes cannot justify: invading Iraq, killing tens of thousands of her citizens (remember, she had an army, not of terrorists, but of Iraqi citizens who were defending against invaders), and taking control of her infrastructure.
The summary of my statements here would revolve around the idea that America attacked Iraq twice in 12 years for no valid reason. America cannot make the case that it was acting in self-defense, since Iraq made no moves onto American territory. And as for WMDs, we only have to look at Israel to speculate on the term "double standard".
Face facts, Ace: you've been bamboozled into thinking that America's assaults in the Middle East are not the Imperialist moves that they actually are. Perhaps when you find that you can't even afford to bury your own war-dead sons, then you'll wake up to realize the murderous and barbaric culture that you had been supporting.
Re:Airport Police (Score:5, Interesting)
I think you missed his point, Dook"43".
He did not say that efforts to stop terrorism shouldn't be made, only that the efforts that are currently being made are pure PR fluff. Having M16 armed national guardsmen at airports was absurd. What were they supposed to accomplish? In any instance, opening fire with a machine gun in a crowded airport lobby would kill far more innocent people than terrorists. Not to mention, just how were these guardsmen supposed to tell if someone was a terrorist, before blowing themselves up or driving an explosive laden vehicle into the terminal?
Lets talk about other "safety" measures:
1) Turn all airport screeners into government employees. Well, now our dear TSA is moving to recertify airports to use private screeners.
2) Even with government screeners, security is like tissue paper. I attended a conference last week, and one of the vendors was giving out "swiss army" type knives, 5 blades + corkscrew, etc. He told me he had dumped a box 50 of these into his bag, and at the last minute decided to carry that bag on instead of checking it. He didn't even remember that the box was in there until he was in the air. He stayed quiet about it until after he landed, because he didn't want to get stuck somewhere in middle america. Security never even noticed. (BTW, he said he did report it to airport security after he landed and was outside the secured zone.)
If we are going to be serious about security follow El Al's proceedures, most of which are deliberately kept very quiet and out of the public view. Instead the current administration follows a typical american penchant to do something, anything that makes a lot of noise and is very visible for "feel good" moments, but which accomplish either nothing, or the opposite of what they are supposed to.
Re:Airport Police (Score:3, Insightful)
And he has a point too, just because they were never trained for airport security doesn't mean theyre stupid. And either way they deserve a modicum of respect for the commitment that they have made to their country.
Oops, i'm a fascist.
Re:Airport Police (Score:5, Funny)
>>scanners, in the US Internaitonal Airport ?
No, they'll just continue to refuse letting travellers use gelatin molds in place of their real hands.
Re:Airport Police (Score:5, Insightful)
Re: stage makeup, fake finger (Score:3, Insightful)
There's a big difference. If someone compromises your lock, you can change it.
If someone compromises your finger, you can't chop it off and grow a new one. Your method of authentication is screwed for the rest of your life.
--
*Art
They'll stay to raise the threshold... (Score:5, Insightful)
Re:They'll stay to raise the threshold... (Score:3, Funny)
Re:They'll stay to raise the threshold... (Score:5, Insightful)
I would describe John Hinckley, as average at best, and he stepped forward from a crowd of television reporters and fired six shots hitting the President (Reagan) and others.
Re:They'll stay to raise the threshold... (Score:3, Insightful)
Yea he shot the President - when the President was in lower security then normal (walking to his car surrounded by about 8 people is barely any security, especially when a ton of people are surrounding them). But what happend to him? Did he sneak away? Nope - he got busted. Now try and shoot the president AND slink aw
Re:They'll stay to raise the threshold... (Score:3, Funny)
Re:They'll stay to raise the threshold... (Score:3, Interesting)
Re:Airport Police (Score:4, Funny)
Re:Airport Police (Score:4, Funny)
As a self-appointed representative of ... (Score:5, Funny)
Shhhhhhhhhhhhhhhhhhh!!!!!
Please remember this the next time a non-productive "feature" is uncovered.
Easy Solution (Score:5, Funny)
Re:Easy Solution (Score:3, Insightful)
Re:Easy Solution (Score:5, Insightful)
So what happens when some law enforcement organization such as the police or the passport office want to take your fingerprints? Do you deny their request and don't get anything done, or do you use glove prints rather than fingerprints. Even worse, what if someone hacks into the police database and creates fake gloves with other people's fingerprints etched in them?
As much as the privacy advocates will laugh at this news article, fingerprints have been a proven source of clues for law enforcement agencys for decades. Nowadays, we have more sophisticated methods of detecting whether someone might have been at the scene of a crime or not, but fingerprinting is nice, quick, easy, and obvious. Of course, every system in existence can be fooled, and if you're really willing to break the system, you can. However, I hate to think that people other than the tinfoil hat crowd would be so concerned about fingerprints that they would wear gloves all the time. This is much more a legislative issue than it is a technological issue. Unless we stop legislative processes invading our privacy, technological means will be only a band-aid onto the root of the problem.
Re:Easy Solution (Score:3, Informative)
Fortunately for him, Spain independantly matched the fingerprint to a known terrorism suspect then in Spain. The only reason the fingerprint matched the American was because it was slightly smudged.
Re:Easy Solution (Score:3, Informative)
That's why fingerprint databases don't store the full image of a fingerprint, only hashes which can verify a fingerprint, but not reconstruct it.
J311-0 (Score:5, Funny)
That's great to know that some of the world's most sophisticated security systems can be circumvented with Jell-O
Re:J311-0 (Score:4, Funny)
So if you can open your car with fingerprints... (Score:4, Insightful)
fix? (Score:2, Interesting)
Re:fix? (Score:5, Insightful)
Re:fix? (Score:2)
Re:fix? (Score:3, Insightful)
Is this is the state of our security today?
Great minds think alike (Score:4, Informative)
Re:Great minds think alike (Score:2)
Re:fix? (Score:5, Interesting)
Re:fix? (Score:2)
Re:fix? (Score:3, Interesting)
Re:fix? (Score:3, Interesting)
-B
Re:fix? (Score:4, Insightful)
It would also be impossible to use. 98.6 degrees is the temperature of certain orifices in your body. These orifices are generally pretty good at maintaining a certain amount of heat. However, your hands and feet are extremities that do not keep a constant temperature. In fact, your body will sometimes shut off the blood flow if it needs the heat somewhere else.
This means that you'll never be able to accurately predict the lower bounds of finger temperature. Someone may have just been outside in cold weather. Or they may have poor blood flow to their hands (e.g. my wife's hands barely even show up on an heat sensitive screen). Similarly, they may have just touched a warm car door, or lit up a cigarette. Maybe they have some coffee in their hands.
Basically, there's almost no way short of human or artificial intelligence to near flawlessly determine if the fingerprint belongs to a real human or not.
Re:fix? (Score:5, Insightful)
98 degrees is an average core body temperature, extremedies generally run cooler. Thats why your testicles hang down - they dont work at 98 degrees, they need to be cooler. It's also why briefs and tight pants make you sterile.
Besides, all you'd have to do is put the fake finger in a cup of warm (98 degree) water..
I think the real solution is to realize that this kind of shit only works in movies or cartoons right now.
Huh? (Score:3, Funny)
[cue Butthead laugh]
Re:fix? (Score:3, Interesting)
How many people would want to live at work every time they get the flu? Someone would let them out eventually, but it makes thing harder. And I can rub the gelatin mould in my hand, to warm it up.
Re:fix? (Score:2)
-the user was holding a coffee, or a can of soft drink before trying to gain admittance.
-Or it's winter and they just took off their gloves.
-User went to washroom, and cleaned their hands, with water that is colder or warmer than their skin temperature, or dried them with friction or blown heat
Re:fix? (Score:2)
In the great words of Sean Connery (Score:5, Funny)
- SNL Celebrity Jeopardy
Something you have and Something you know (Score:5, Insightful)
Think of the simple RSA keyfob some of us carry; it gives us a number and we use that PLUS a password to get into secure systems (have + know).
Carry this one step further and have the system check your fingerprint/handprint/iris/whatever PLUS ask for a password.
I personally think it's damn scary in this age of terrorism that someone could fake a biometric and get onto a plane; if the airlines for example issued me a unique password to go along with fingerprint (or whatever) recognition then I'd feel a whole bunch better about the entire process and the underlying technologies.
Re:Something you have and Something you know (Score:5, Insightful)
The problem is that "something you are" is just a really weak version of "Something you have". Why is it weak? Because once it is compromised, you can never get it back. Never.
If my RSA fob is stolen, I can get it reissued. If my password is stolen, I generate a new one. What am I supposed to do when my fingerprint shows up on Kazza? Sure, I can use one of the other nine, then once they're compromised, use my toes, after that...?
Biometrics have a (small) part to play in security. But relying on them for anything important is daft.
T
Re:Something you have and Something you know (Score:4, Interesting)
None of the companies that manufacture biometric scanning technology can implement that without running afoul of the patent.
And the amount this shyster company is asking for is ludicrous. Hence, that kind of system is never used.
Re:Something you have and Something you know (Score:3, Insightful)
Re:Something you have and Something you know (Score:3, Informative)
If you must fear something, fear sleeper agents more than known international terrorists. Besides, terrorists hit where you don't expect (so, planes should be safe for the foreseeable future).
Re:Something you have and Something you know (Score:5, Funny)
Because counter-terrorist come from America, as everyone knows. And the America's is entirely peopled with infidels. And infedels are used to having people not trust them, as you are not trusted by me. So I can clearly not attack with a plane.
and you must have suspected I would have known you where an infidel, so I can clearly have to attack with a plane.
You've beaten my Sadam, which means you're exceptionally strong. So, you could have placed your men on the plane, trusting on your strength to save you. So I can clearly not choose to attack with a plane. But, you've also bested my sleeper cells. And in studying, you must have learned that terrorist are dangerious so you would stay as far away from us as possible, so I can clearly attack with a plane.
Re:Something you have and Something you know (Score:3, Funny)
Mod parent up, +1 Princess Bride
Re:Something you have and Something you know (Score:2)
So you can expect... (Score:3, Interesting)
Are you surprised? (Score:2, Insightful)
As is true with any security measure, if it can br beaten, the geeks will find a way.
Re:Are you surprised? (Score:3, Insightful)
Re:Are you surprised? (Score:2)
fingerprints at all... (Score:5, Interesting)
Who cares about the scanners when the real problem lies in something entirely different?
A more foolproof method (Score:2, Funny)
Okay. (Score:5, Insightful)
Oh, come on.... (Score:2)
Plug the product... I would be interested to find out who is doing this type of research and looking up documentation on how it works if possible. Sounds interesting. Post as AC or something :)
Re:Oh, come on.... (Score:2, Informative)
Re:Okay. (Score:3, Informative)
Obviously, wearing t
Lo-tech method (Score:4, Interesting)
Oily Mess (Score:2)
GroupShares Inc. [groupshares.com] - A Free and Interactive Stock Trading Community
james bond (Score:2)
I seem to remember him picking off some fake fingerprints he used to pick up a wineglass with at some womans place (who 'gasp' turned out to be a spy for the 'other' side..)
Re:james bond (Score:2, Informative)
Re:james bond (Score:2)
thanks, was sitting here poking around IMDB trying to remember which one that was.
The CIA will love this (Score:4, Interesting)
Re:The CIA will love this (Score:2)
Re:The CIA will love this (Score:3, Informative)
There is not such thing as an absolute proof of identity, only a trust relationship.
It's wafer thin... (Score:5, Funny)
The main problem with liveness detection methods based on extra hardware, is that the scanners have to be adjusted to operate e±ciently in different kinds of environments, leading to problems when using a wafer-thin artifcial fingerprint glued on to a live finger.
And finally, monsieur, a wafer-thin fingerprint. Oh sir...it's only wafer thin.
Could someone explain 4.5.3 to me? (Score:2)
Re:Could someone explain 4.5.3 to me? (Score:5, Informative)
Re:Could someone explain 4.5.3 to me? (Score:2, Informative)
even if they did work (Score:3, Interesting)
Accidental Discovery (Score:5, Interesting)
Re:Accidental Discovery (Score:4, Interesting)
Fastforward to years later, I have to get a security clearance, and therefore have to get fingerprinted... So I asked the cop about this sort of situation.
He told me that if they can't let a suspect go until they can ascertain his/her identity. So it's in the suspect's best interest to have printable fingerprints.
Obviously this cop wasnt very forthcoming with answers for all possible situations, but I would assume that if your prints have to be scanned to open some sort of security mechanism or to obtain access to a secure area, you have to have readable fingerprints, otherwise you're S.O.L.
(OT side note: at that summer job, I also learned that egg incubator facilities have to employ specially trained Japanese sex differentiators, and that the best ones all come from Japan, with a less than 1% margin of error -- they pick up each chick, and look at its ass, then put it on the male or female conveyor belt. Don't ask me what they look for to make the difference between males and females, they never told me.)
calcium hydroxide burns (Score:5, Informative)
Uh, that's because calcium hydroxide -burned- it off, not "wore it down". It's actually quite common, because there is a delay between exposure and reaction. Well, that and people think "hey, it's just rocks and dirt and stuff, i don't have to wear gloves..."
Re:calcium hydroxide burns (Score:3)
Fact is... (Score:3, Insightful)
Re:Fact is... (Score:3, Insightful)
I think that's rubbish. If I want to steal your fingerprint then I don't have to actually take something from you at all. I could just follow you around and watch what you touch or pick up, and then go back a take my sample a long time after you're gone. Hell I could even visit your car or front house door late at night.
Stealing a PIN is way way harder and requires considerable more effort and resources than that.
Non-US student (Score:4, Insightful)
Story (Score:4, Interesting)
Just thought I'd mention it. :) The story also had "heavy water fusion batteries" 4 years before the world learned the term "cold fusion". This was back in 1985 before my creativty was destroyed by life and career and reality television.
Liveness detection (Score:4, Funny)
"So why does it have a rectal probe?"
"That's just part of the design."
What's the big deal (Score:3, Insightful)
Finger. Print. Scanners.
They're not "Absolute Identity Verifiers", or "Identity Truth Machines".
They are simply tools to be used with other forms and methods of identification. Are *all* fingerprinting validation systems supposed to include "temperature, pulse, blood pressure, electric resistance, etc"? Only if some company were relying on fingerprints ALONE to verify someone's identity. But NO company would rely on fingerprints alone. Also, it would make the machine MUCH too costly for anybody to buy.
The bottom line is, yeah sure, fingerprint scanners can't tell the difference between a human finger and a gelatin one. But if a fingerprint is *all* that it takes to get access to something, then the institution has problems that dig far deeper than the inadequacies of any fingerprint scanner.
It's even easier than that. (Score:5, Interesting)
A friend of mine in the office has some sort of skin condition which causes his hands to produce very acidic sweat. It's acidic enough to buff the leather on his steering wheel and gear shifter. His fingers will erase the letters off the keys on some keyboards (I assume some keyboards use better quality ink that is more resistant). Coffee mugs with cheap paint on them suffer the same fate on the handles.
This person can open any fingerprint-protected laptop in the office (we bought a bunch of these from some company who was beta-testing them, they are now out of production) and make it boot. He just smears his fingertip onto the sensor and wiggles it a little bit, and the machine accepts it as an authorized print.
These fingerprint detectors are of the capacitance-coupling variety. I don't know if the same trick works with the other fingerprint sensor technologies.
just another argument against cheap stuff (Score:4, Insightful)
this thesis is only a better documented, nicely written replay of a japanese experiment from some years ago :
the matsumoto experiment [cryptome.org]
and it surely doesnt mean the biometrics are not secure!
a complete biometrics based security solution has 3 "components" :
Something you know: e.g. a password or a PIN.
Something you hold: e.g. a credit card, a key, or a passport.
Something you are (biometrics): e.g. a fingerprint, iris pattern, etc.
their demonstration only fooled the 3-rd component of such a system ... which means they got NOTHING! ... plus, the most secure fingerprint scanners read the biometric info from under the epidermis(the outer "dead" skin) and are not so easily fooled with an artificial finger or fingertip ... the fact that they tested cheap of-the-shelf hardware is not exactly concludent.
.. while unfailible security does not exist, biometrics can make a big difference when used right!
The whole study is just an argument against bad hardware and sloppy security systems, not against the usage of the biometrics
Re:Fingerprint scanners aren't as good as people t (Score:2)
AFIS (Automated Fingerprint ID Systems) are pretty good at matching. Instead of saying "this is the person you're looking for", it gives a weight and gives the top possible matches. It's still up to a human (or humans) to make the final determination that the fingerprint in
Re:another solution.... (Score:2)
Re:Why am I not surprised... (Score:5, Funny)
Re:Slashdot How-to.. (Score:3, Funny)