Gummi bears defeat fingerprint sensors
Thread Starter
Former Moderator
Joined: Oct 2000
Posts: 20,448
Likes: 0
From: internet
another tasty tidbit from The Reg. This is indeed a sticky situation, but let's not have any finger pointing.
http://www.theregus.com/content/55/24956.html
Gummi bears defeat fingerprint sensors
By John Leyden
Posted: 05/16/2002 at 08:05 EST
A Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera.
First Tsutomu Matsumoto used gelatine (as found in Gummi Bears and other sweets) and a plastic mould to create a fake finger, which he found fooled fingerprint detectors four times out of five.
Flushed with his success, he took latent fingerprints from a glass, which he enhanced with a cyanoacrylate adhesive (super-glue fumes) and photographed with a digital camera. Using PhotoShop, he improved the contrast of the image and printed the fingerprint onto a transparency sheet.
Here comes the clever bit.
Matsumoto took a photo-sensitive printed-circuit board (which can be found in many electronic hobby shops) and used the fingerprint transparency to etch the fingerprint into the copper.
From this he made a gelatine finger using the print on the PCB, using the same process as before. Again this fooled fingerprint detectors about 80 per cent of the time.
Fingerprint biometric devices, which attempt to identify people on the basis of their fingerprint, are touted as highly secure and almost impossible to fool but Matsumoto's work calls this comforting notion into question. The equipment he used is neither particularly hi-tech, nor expensive and if Matsumoto can pull off the trick what would corporate espionage boffins be capable of?
Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them.
Noted cryptographer Bruce Schneier, the founder and CTO of Counterpane Internet Security, described Matsumoto's work as more than impressive.
"The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing," said Schneier in yesterday's edition of his Crypto-Gram newsletter, which first publicised the issue.
http://www.theregus.com/content/55/24956.html
Gummi bears defeat fingerprint sensors
By John Leyden
Posted: 05/16/2002 at 08:05 EST
A Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera.
First Tsutomu Matsumoto used gelatine (as found in Gummi Bears and other sweets) and a plastic mould to create a fake finger, which he found fooled fingerprint detectors four times out of five.
Flushed with his success, he took latent fingerprints from a glass, which he enhanced with a cyanoacrylate adhesive (super-glue fumes) and photographed with a digital camera. Using PhotoShop, he improved the contrast of the image and printed the fingerprint onto a transparency sheet.
Here comes the clever bit.
Matsumoto took a photo-sensitive printed-circuit board (which can be found in many electronic hobby shops) and used the fingerprint transparency to etch the fingerprint into the copper.
From this he made a gelatine finger using the print on the PCB, using the same process as before. Again this fooled fingerprint detectors about 80 per cent of the time.
Fingerprint biometric devices, which attempt to identify people on the basis of their fingerprint, are touted as highly secure and almost impossible to fool but Matsumoto's work calls this comforting notion into question. The equipment he used is neither particularly hi-tech, nor expensive and if Matsumoto can pull off the trick what would corporate espionage boffins be capable of?
Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them.
Noted cryptographer Bruce Schneier, the founder and CTO of Counterpane Internet Security, described Matsumoto's work as more than impressive.
"The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing," said Schneier in yesterday's edition of his Crypto-Gram newsletter, which first publicised the issue.
That's cool. Smart guy. 
Registered User
Joined: Oct 2001
Posts: 1,611
Likes: 0
From: Melbourne
This is why more than one means of authentication is necessary. We have an area at work that uses a badge, biometrics (hand scanner), and a PIN number which each have to be entered in a certain period of time. Not foolproof, but pretty secure.
Registered User
Joined: Apr 2001
Posts: 1,209
Likes: 0
From: Anchorage
Biometrics can work as a security layer, but as with any technology it can be defeated.
I think an iris scanner is the way to go for biometrics. You never hear about latent iris prints being left around, and let's see that guy try to put super glue in someone's eye!
With layers of security, a biometric reader would provide a compliment to other layers (i.e. a PIN, smartcard badge, etc). As a stand alone technology, it doesn't stand a chance.
I think an iris scanner is the way to go for biometrics. You never hear about latent iris prints being left around, and let's see that guy try to put super glue in someone's eye!
With layers of security, a biometric reader would provide a compliment to other layers (i.e. a PIN, smartcard badge, etc). As a stand alone technology, it doesn't stand a chance.
Thread
Thread Starter
Forum
Replies
Last Post