Source:
www.sans.org
Phony Fingerprints Fool Biometric Readers
Fake fingerprints fashioned from gelatin were able to fool biometric
fingerprint readers 80% of the time, according to research performed
by Japanese researchers. The researchers also devised a way to create
fake fingerprints from fingerprints left on glass surfaces.
http://news.com.com/2100-1001-915580.html
http://www.theregister.co.uk/content/55/25300.html
http://news.bbc.co.uk/hi/english/sci...00/1991517.stm
[Editor's (Ranum) Note: It is probably worth mentioning that under
$10 worth of stuff was needed to pull this off - no rocket science
required.
(Murray) This attack is a classic replay (or forgery) attack. Nothing
impressive about it. Replays are not unique to fingerprints.
Replays are a fundamental vulnerability of all biometrics. That is
why we insist upon strong authentication, that is, at least two forms
of evidence (something only one person has, knows, is, or can do) at
least one of which is implemented in such a way as to resist replay.
Those who continue to search for the perfect authenticator (easy
to use, can be reconciled at a distance, easy to enroll, cannot be
forgotten, lost, stolen or copied) are looking for magic.]