Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Faking fingerprints

  1. #11
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    \\ nice, so i can do back up collection of fingerprints now in case if some one of personal disapire. //



    /me laughing
    // too far away outside of limit

  2. #12
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    I was working at a place today which employed a full palm reader for thier employees. Not for access and egress to the building, though - for the punch clock.

    ...

    Yes, that's right. They have the technology in place to read employees' palms to punch in and out of work, but not to actually track entries to the building. The reason they gave me actually made sense.

    They have contractors in and out occasionally whose job might require them to be at the plant for a week, which means that by the time the system has thier palm print and they're sure it's a good imprint (sometimes it takes a week to get it right), the job is done. It's just not worth the effort to implement because of the problems it causes. They use prox cards instead for access to the building. Semi-permanent contractors are granted access to the building after signing a non-disclosure agreement. They could require employees to use a hand print for building access as well, but so long as anybody can open the doors without it, it's rather a useless measure. The palm scanner is in place to prevent employees from punching other employees' cards.

    This isn't always the case, but it did prove to me that there are in many cases logistical problems which make the use of biometrics, and other non-traditional (as of today) security measures impractical.

    It would also be interesting to see if a technique such as the one above could be used to fool a full palm scanner.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  3. #13
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    The gummy bear and fogging up of print methods both failed on the Microsoft USB reader (round $25.00 retail). I've had mixed results using molded dummies (we tried Alginate, french casting wax, and beeswax) alginate seems to be the more effective of the three but a pain to work with. so far our highest success ratio has been around 16% using the thumb and around 12% using the index finger. I assume this has something to do with pressure applied by the fingers. We have not yet actually attempted to "lift" a print and have been molding prints direct which leads me to beleive that while possible, fooling these devices is not extremely trivial. We tried with the rubber glass coating on and off of the scanner with the best results while having the rubber coating on. Coincedentally reading the finger itself worked better with the coating on as well (havent fully explored this one, my guess is that the rubber coating cuts down on grease transfer).

    Beyond that we havent really put too much effort into it, the alginate and waxes were all lying around from a previous project involving casting a childs face. I would assume that using a more fluid substance and amplifying the ridges (via picture enhancement perhaps) would increase the chances of success (or failure).

    Either way, we picked these things up to simplify simple website and application logons with nothing terribly sensitive, they work well and the software will not allow you to use it for domain logon (nice feature to keep those less paranoid from doing so). I am curious however as to where and how it stores the passwords you set it up with in your user profile as the security risk in these may be more the storage of credentials rather than the idea of tricking the device itself. Just a thought.
    ~THEJRC~
    I\'ll preach my pessimism right out loud to anyone that listens!
    I\'m not afraid to be alive.... I\'m afraid to be alone.

  4. #14
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Striek: you could employ the same techniques in the ccc article to defeat palm readers I reackon, this is how i would do it - bribe one of the cleaners (in London it apparently costs £20, don't know where i read that, its in a BBC artcle though) to steal a mouse and then use the same process again, might require more enhancement..

    be interesting to see if it would work

    i2c

  5. #15
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    Er,

    I have a bit of experience here so lemme tell ya how I can beat mine. (does rely on having a victim)

    1. acquire a set of toner handlers gloves.
    2. acquire 1 tin of 3M binding spray. (like the glue on post it notes)

    Steps.

    Very lightly spray the scanner with the 3m spray allow to lightly cover.

    Allow your victim to ident them selves on the scanner

    walk up and press your finger on the pad.

    the 3m spray lifts an image of their fingerprint onto its surface (try pressing on post it note glue to see what I mean.)

    by pressing on the scanner with the glove you activate the reader which due to the lack of a fingerprint on your glove will read the residue from under it.

    This actually worryingly does work.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •