August 28th, 2002, 01:48 PM
Mission: Impossible - Fooling fingerprint readers
I recently read this article and wanted to share it with you. Things we expect we'd only see on movies do happen in reality!
The complete text can be read here, and a presentation on how precisely he did it can be downloaded here.
Matsumoto, a Japanese cryptographer, has successfully done some experiments against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them
. The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing.
There's both a specific and a general moral to take away from this result. Matsumoto is not a professional fake-finger scientist; he's a mathematician. He didn't use expensive equipment or a specialized laboratory. He used $10 of ingredients
you could buy, and whipped up his gummy fingers in the equivalent of a home kitchen. And he defeated eleven different commercial fingerprint readers, with both optical and capacitive sensors, and some with "live finger detection" features. (Moistening the gummy finger helps defeat sensors that measure moisture or electrical resistance; it takes some practice to get it right.) If he could do this, then any semi-professional can almost certainly do much much more.
Damn, what next? Fooling retina scan with a crystal ball? I think no biometric system is foolproof...
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
August 28th, 2002, 01:54 PM
Kinda reminds me of the film Gattica, where the dude takes a whole new identity - 'borrowed ladder', they called it in the movie - using another persons identity and passing it as your own.
Nothing can be 100% fullproof can it? Didn't they recently test the face recognition system at some airport and it failed miserably? I just hope with all these people finding ways around fingerprinting/face recognition systems, that the government won't try and push for ID chips being implemented in all of us - that would not be a future I would like to see.
So I guess it's an open market really. If you can think of a sure way of identifying people, without inserting chips into everyone, you'll be a pretty rich guy/girl - start the ideas rolling I say.
\"Do you know what people are most afraid of?
What they don\'t understand.
When we don\'t understand, we turn to our assumptions.\"
-- William Forrester
August 28th, 2002, 02:06 PM
I don't think there's ever going to be a full proof security system.If there's people smart enough to make them,there's people smart enough to break them.I'd be willing to bet that even implanting ID chips wouldn't work for long.After a couple months you'd get some guy that sees a few million dollars coming his way if he can deactivate the chips and he'd find a way.(Hell I'd pay $20 to have my ID chip deactivated)If retinal scans become a common place thing,then you'll have some people fooling the scanner with somewhat lagit means and other people ripping out one anothers eyeballs.I say stick to the good old fashioned passwords encryption and burgler alarms.
[shadow]I don\'t believe in anarchy.If you\'re not smart enough to beat the system it\'s your problem.
August 28th, 2002, 02:54 PM
The question then would be....How long can you keep a Finger fresh or an Eye open?
then you'll have some people fooling the scanner with somewhat lagit means and other people ripping out one anothers eyeballs.
Can only complete the crime once too.
August 29th, 2002, 04:41 AM
finger prints have not been fool proof for a long time. I do not know of any crimes where peeps have been able to pull it off. It is much better then your sig.
Ill THink of one when i get time.
August 29th, 2002, 04:54 AM
Going around gouging out peoples eye balls with a rusty spoon would be a little extreme. Why not just use some fancy contact lenses or something.
Its not software piracy. Iím just making multiple off site backups.
August 29th, 2002, 05:48 AM
I don't think there will ever be anything more secure than a well chosen password.
Biometrics really aren't the best of solutions, from articles such as this and others that I have read almost every biometric security device has been fooled. Fingerprint scans have been fooled by methods such as these, face scans follied with mere still pictures and video loops on a laptop display, and I remeber mention of a way eye (retina) scans have been fooled (I'll try searching for the article).
Anyway, my point is- you only have one face, one set of fingerprints, ect. - Once those are comprimised you can't go changing them.
Biometrics can also arise privacy concerns, do I really want my face and fingerprints stored on file?
August 29th, 2002, 07:53 AM
individual biometric systems won't work, however a collection of difficult to bypass systems could allow for a very high reliability...
perhaps, fingerprint (multiple digits checked), facial recognition, speach printing, and a password...
someone may be able to assume someone elses identity for 1 or more of those testing methods, but the odds that someone could fool all of the tests while under supervision is probably so high that they'd be acceptible..