Slashdot Mirror
Fingerprint Scanners Still Easy to Fool
Anlan writes "A Swedish student wrote her Master's thesis about current fingerprint technology. After a thorough literature study some live testing took place. Simple DIY fingerprint copies were used (detailed how-to in the thesis). Have current commercial products improved as much as proponents claim? Well, this qoute from the abstract says it all: 'The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint. Nine different systems were tested at the CeBIT trade fair in Germany and all were deceived. Three other different systems were put up against more extensive tests with three different subjects. All systems were circumvented with all subjects' artificial fingerprints, but with varying results.' You can guess how happy the sales people at CeBIT were - most systems claim to be spoof proof..."
From the document abstract... "A description of different liveness detection methods is presented and discussed. Methods requiring extra hardware use temperature, pulse, blood pressure, electric resistance, etc., and methods using already existent information in the system use skin deformation, pores, perspiration, etc."
If you must fear something, fear sleeper agents more than known international terrorists. Besides, terrorists hit where you don't expect (so, planes should be safe for the foreseeable future).
Just like how terrorist activity was up in 2003 but they said it was down; just for PR.
There was a piece on NPR last week about an American who was charged with terrorism in Spain because his fingerprint was there. He was in America at the time the event occured, but two fingerprint experts (his own and the FBI's) verified that the prints matched.
Fortunately for him, Spain independantly matched the fingerprint to a known terrorism suspect then in Spain. The only reason the fingerprint matched the American was because it was slightly smudged.
tasks(723) drafts(105) languages(484) examples(29106)
You're right about that. It was in Diamonds Are Forever. Bond was posing as a diamond thief, if I'm remembering correcting, while meeting with the real theif's contact for something. The real theif and the contact had never actually meet face to face before and the only identification she had to verify his identity were his finger prints. So, Q mad a set of fake "press on" prints for Bond.
I myself have an identical twin brother, and our fingerprints are nothing alike. Fingerprints are a developmental feature, not a genetic one.
There is no mod option "-1: Disagree" for a reason. "Overrated" is not an acceptable substitute. Post something instead.
Okay, Assuming you are still reading this.. check out the Tensor 4210 sub-dermal reader, there are a lot of other products out there that do the same thing. If it can be found OEM, then it might be worth half a poop. Otherwise you're married :( product marriage + attempted product development = low return/failure. But I'm preaching to the choir here ;)
Twins don't have the same fingerprint. Twins have similar prints because the basic print is determined genetically. However prints can be altered in the amniotic environment. The skin of a fetus is "soft" and "pruny" like you are when you are in the bathtub. Depending on how the fetus is laying or pressed against something the prints can be molded slightly differently in each twin. So they are not identical but similar.
There is not such thing as an absolute proof of identity, only a trust relationship.
Can You Say Linux? I Knew That You Could.
Most international airports in the US use fingerprints for verification only and rely on either smart cards and/or PINs for identification purposes. So while it's certainly possible to fake the fingerprint, it's much harder to gain unauthorized access when you have to combine 2 or 3 of the "something you have/know/are" methods of security.
You can force someone to enter a PIN and put their finger on the reader, but that's what duress codes are for (a PIN seperate from your own that indicates you are entering your PIN under threat/duress and will generate an alarm to security).
Our airports (or any other buildings) will never be totally secure, all we can do is keep making it harder on the people who are trying to gain unauthoriezd access.
My Sig is Sauer.
Uh, that's because calcium hydroxide -burned- it off, not "wore it down". It's actually quite common, because there is a delay between exposure and reaction. Well, that and people think "hey, it's just rocks and dirt and stuff, i don't have to wear gloves..."
Please help metamoderate.
The thesis tested one of those at the trade show. You wear the artificial fingertip on your real hand, so it contains normal human tissue and bone structure. In fact, the real issue is that a real finger has a bunch of non-distinctive live matter covered by a layer of distinctive dead matter (your epidermis, with your fingerprints, is dead cells). It's very difficult to detect the difference between dead matter that's supposed to be there and dead matter that's not supposed to be there.
Obviously, wearing the fake on your real hand is necessary if you want to fool the security guard as well.
Even worse, what if someone hacks into the police database and creates fake gloves with other people's fingerprints etched in them?
That's why fingerprint databases don't store the full image of a fingerprint, only hashes which can verify a fingerprint, but not reconstruct it.
Wrong, I think. They index the databases using hashes, because otherwise a linear search of the whole database would take forever. But if they get a hit, they pull up the raw data to let a human have an opinion of the quality of the match. It doesn'rt matter during the detection stage, but courts won't take a machine's word for it on the match - they insist on a human experts opinion on the match between suspect and scene-of-crime.
Consciousness is an illusion caused by an excess of self consciousness.
Damn, but Sweden makes some mighty fine women. Must be something in the water....
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Granted, I'm not an American so maybe my perception is different, but the sight of nervous 19 year olds with M16s at Logan airport in late 2001 did not make me feel "protected".
{sigh} So much Limbaugh-esque mythology, so little time.
A significant factor in Afghanistan and Iraq was oil. You assert price as some sort of proof against it. But price increases are to the benefit of the producers, which the Bush family have been known to dabble in from time to time. As well as their family friends, the House of Saud.
The whole issue of invading an oil-rich country is to control it for the current set of Oil Barons. Bush's administration is packed with folks like that. (Duh.) Price is simply not an issue.
Iraq was no world threat. About the only sovereign place that would really find Iraq threatening was Israel. And the last time I checked, Israel wasn't the 51st American state, and had no legal representation in any American legislature. If there's anything to be said for American fears of being controlled by foreign interests, then why won't we deal with Israeli influence upon the American military?
As for criminal negligence, you are in direct hypocritical peril considering how much of that charge can be levelled at the American CIA, FBI and military command (specifically the Commander in Chief, whom you may have heard of) when 911 was being planned and executed. Libya is far more at fault for harboring terrorists, but after Bush's speeches on Afghanistan, Iraq, Syria, Iran and North Korea, you'll note a sound basis to my skepticism about Bush's due diligence. At any rate, any lax policy in Iraq about terrorist assholes cannot justify: invading Iraq, killing tens of thousands of her citizens (remember, she had an army, not of terrorists, but of Iraqi citizens who were defending against invaders), and taking control of her infrastructure.
The summary of my statements here would revolve around the idea that America attacked Iraq twice in 12 years for no valid reason. America cannot make the case that it was acting in self-defense, since Iraq made no moves onto American territory. And as for WMDs, we only have to look at Israel to speculate on the term "double standard".
Face facts, Ace: you've been bamboozled into thinking that America's assaults in the Middle East are not the Imperialist moves that they actually are. Perhaps when you find that you can't even afford to bury your own war-dead sons, then you'll wake up to realize the murderous and barbaric culture that you had been supporting.
[You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
Granted, I'm not an American so maybe my perception is different, but the sight of nervous 19 year olds with M16s at Logan airport in late 2001 did not make me feel "protected".
Don't worry, I read in Bruce Scheiner's Beyond Fear that there are no bullets in the M16s, it would be way too dangerous. It's really just for the show.
Damn, the guys with these empty weapons must feel like complete morons.
- the sight of nervous 19 year olds with M16s at Logan airport in late 2001 did not make me feel "protected".
How about the fact that the rifles you saw were unloaded?-- @rjamestaylor on Ello
when the National Guard were deployed to the
USA's airports, they were never issued ammo.
The worst they could have done is install their
bayonet (for crowd control purposes(?)).
It was strictly a Bush PR move. And 2-1/2 yrs
later, the situation regarding the "war on
terrorism" hasn't evolved much. The USA still
has unguarded borders and seaports. Both
illegal immigration and the rate of identity
theft are both higher now than before 9/11/01.
It sure isn't any comfort that fingerprint
scanners are so ineffective, just as have
iris scanners also proven to be. What's
next? Maybe implanted RFID chips?