Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Scanners Still Easy to Fool

Posted by michael on from the mission-possible dept.

Anlan writes "A Swedish student wrote her Master's thesis about current fingerprint technology. After a thorough literature study some live testing took place. Simple DIY fingerprint copies were used (detailed how-to in the thesis). Have current commercial products improved as much as proponents claim? Well, this qoute from the abstract says it all: 'The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint. Nine different systems were tested at the CeBIT trade fair in Germany and all were deceived. Three other different systems were put up against more extensive tests with three different subjects. All systems were circumvented with all subjects' artificial fingerprints, but with varying results.' You can guess how happy the sales people at CeBIT were - most systems claim to be spoof proof..."

54 of 378 comments (clear)

  1. Airport Police by mirko · · Score: 5, Insightful

    So, will they remove these fingerprint scanners, in the US Internaitonal Airport ?

    --
    Trolling using another account since 2005.
    1. Re:Airport Police by loyalsonofrutgers · · Score: 3, Funny

      It doesn't really matter, odds are they're not even plugged in.

    2. Re:Airport Police by Stargoat · · Score: 4, Funny

      Airport! No, don't bring that up! George Bush will have to invade Sweden now!

      --
      Hoist Number One and Number Six.
    3. Re:Airport Police by dave420 · · Score: 5, Insightful
      No, because it appears like they're actually doing some good. Just like when they had the national guard monkeys running around with M16s. Absolutely no use whatsoever, but makes the American public go "Gee - we're so protected! I love our President(tm)!"

      The war on terror isn't about the terrorists, it's all PR.

    4. Re:Airport Police by wo1verin3 · · Score: 5, Funny

      >>So, will they remove these fingerprint
      >>scanners, in the US Internaitonal Airport ?

      No, they'll just continue to refuse letting travellers use gelatin molds in place of their real hands.

    5. Re:Airport Police by XryanX · · Score: 5, Insightful

      I'm sure someone that was trained in stage makeup could easily make a fake finger that would slip over their real one, and yet still look realistic.

    6. Re:Airport Police by Captain+Caveman · · Score: 4, Funny

      Yes, they will be replaced by rectal scanners because it is impossible to make a perfect gelatin mold out of your ass.

    7. Re:Airport Police by dave420 · · Score: 4, Insightful
      The 3,000 dead on 9/11 died in a single incident, 3 years ago. Those who died in Afghanistan and Iraq died at American hands. I stand by my point - what age of terrorism?

      If the war on terrorism was about decreasing terrorism, the US wouldn't have invaded Iraq. Iraq had nothing to do with any terrorism, but they did have plenty of oil. You figure it out. You have to be seriously missing the plot if you can't understand it.

    8. Re:Airport Police by CreatureComfort · · Score: 5, Interesting


      I think you missed his point, Dook"43".

      He did not say that efforts to stop terrorism shouldn't be made, only that the efforts that are currently being made are pure PR fluff. Having M16 armed national guardsmen at airports was absurd. What were they supposed to accomplish? In any instance, opening fire with a machine gun in a crowded airport lobby would kill far more innocent people than terrorists. Not to mention, just how were these guardsmen supposed to tell if someone was a terrorist, before blowing themselves up or driving an explosive laden vehicle into the terminal?

      Lets talk about other "safety" measures:
      1) Turn all airport screeners into government employees. Well, now our dear TSA is moving to recertify airports to use private screeners.
      2) Even with government screeners, security is like tissue paper. I attended a conference last week, and one of the vendors was giving out "swiss army" type knives, 5 blades + corkscrew, etc. He told me he had dumped a box 50 of these into his bag, and at the last minute decided to carry that bag on instead of checking it. He didn't even remember that the box was in there until he was in the air. He stayed quiet about it until after he landed, because he didn't want to get stuck somewhere in middle america. Security never even noticed. (BTW, he said he did report it to airport security after he landed and was outside the secured zone.)

      If we are going to be serious about security follow El Al's proceedures, most of which are deliberately kept very quiet and out of the public view. Instead the current administration follows a typical american penchant to do something, anything that makes a lot of noise and is very visible for "feel good" moments, but which accomplish either nothing, or the opposite of what they are supposed to.

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    9. Re:Airport Police by presarioD · · Score: 3, Funny

      national guard monkeys

      Gee! A little respect! These are hard working patriots, protecting the american public from multiple threats and dangers of all sorts!

      Ts ts ts ts ts!

      They enlist themselves and their kids to fight wars on terrors(TM) and defend democracy and freedom and the Values of Western Civilization(TM), at least we could show some respect to that Saintly Sacrifice!

      Do you think it's easy to torture Iraqi people in order to liberate them?

      --
      Yam, yam, uga booga, yam, yam, yade, yade, uga booga, yam, yam, yade, yade
    10. Re:Airport Police by dave420 · · Score: 3, Insightful

      By invading Iraq he's turned it into a hotbet of terrorist activity. He actively made the world a more dangerous place. That was the only possible outcome of the action. That man did not have an alterior reason for what he did - it was oil, plain and simple. I mean, why else would you send hundreds of thousands of troops into a country to fight a war everyone's saying can't be won, against international will, which will obviously and eventually worsen the very cause you say you're fighting for? If it wasn't for oil, Bush is quite likely the very stupidest individual the world has ever seen, let alone president. Sheesh.

    11. Re:Airport Police by dave420 · · Score: 3, Insightful
      Saddam hated Osama each other more than Bush hates either of them. Their islamic leanings didn't gel, in fact quite the opposite.

      The war was a great idea if you want oil. Seeing as it's for one of the greatest oil reserves in the world, if you win, you get lots of oil. If you push the price up in the mean time, you've won even more. It's simple.

      What about Donald Rumsfeld meeting Saddam - by your logic, he's as bad as Saddam, as he didn't punch his lights out.

      "Your either with us or against us" is the most ridiculous, basic argument for attacking or praising anyone ever thought up. It's pure hype and BS. You have to be a right sucker to believe in it.

      It is very hard to believe Iraq was a danger to the world. It had ridiculous weapons, a tiny army, and a leader hated by its military. It was as threatening as a dead bluebottle. If you can't see that, you've been suckered in by the pentagon, or you just missed the entire story.

      Can you give specific examples of Saddam Hussein sponsoring terrorism? I guarantee you I can find even more showing Bush's support for terrorism...

    12. Re:Airport Police by jrumney · · Score: 4, Informative
      Just like when they had the national guard monkeys running around with M16s. Absolutely no use whatsoever, but makes the American public go "Gee - we're so protected! I love our President(tm)!

      Granted, I'm not an American so maybe my perception is different, but the sight of nervous 19 year olds with M16s at Logan airport in late 2001 did not make me feel "protected".

    13. Re:Airport Police by rdsmith4 · · Score: 3, Insightful
      The war on terror isn't about the terrorists, it's all PR.

      But that's the point! Terror is not about killing people, it's about scaring the public and causing them to act a certain way. The train bombing in Madrid, for example, though didn't kill a whole lot of people, was completely effective because the Spanish public immediately voted in a leader with a soft spot for terrorists, and he immediately pulled all Spanish troops out of Iraq. The terrorists got what they wanted by scaring the people - not killing them.

      How safe we actually are is entirely irrelevant - it's how safe we feel.

    14. Re:Airport Police by LaCosaNostradamus · · Score: 4, Informative

      {sigh} So much Limbaugh-esque mythology, so little time.

      A significant factor in Afghanistan and Iraq was oil. You assert price as some sort of proof against it. But price increases are to the benefit of the producers, which the Bush family have been known to dabble in from time to time. As well as their family friends, the House of Saud.

      The whole issue of invading an oil-rich country is to control it for the current set of Oil Barons. Bush's administration is packed with folks like that. (Duh.) Price is simply not an issue.

      Iraq was no world threat. About the only sovereign place that would really find Iraq threatening was Israel. And the last time I checked, Israel wasn't the 51st American state, and had no legal representation in any American legislature. If there's anything to be said for American fears of being controlled by foreign interests, then why won't we deal with Israeli influence upon the American military?

      As for criminal negligence, you are in direct hypocritical peril considering how much of that charge can be levelled at the American CIA, FBI and military command (specifically the Commander in Chief, whom you may have heard of) when 911 was being planned and executed. Libya is far more at fault for harboring terrorists, but after Bush's speeches on Afghanistan, Iraq, Syria, Iran and North Korea, you'll note a sound basis to my skepticism about Bush's due diligence. At any rate, any lax policy in Iraq about terrorist assholes cannot justify: invading Iraq, killing tens of thousands of her citizens (remember, she had an army, not of terrorists, but of Iraqi citizens who were defending against invaders), and taking control of her infrastructure.

      The summary of my statements here would revolve around the idea that America attacked Iraq twice in 12 years for no valid reason. America cannot make the case that it was acting in self-defense, since Iraq made no moves onto American territory. And as for WMDs, we only have to look at Israel to speculate on the term "double standard".

      Face facts, Ace: you've been bamboozled into thinking that America's assaults in the Middle East are not the Imperialist moves that they actually are. Perhaps when you find that you can't even afford to bury your own war-dead sons, then you'll wake up to realize the murderous and barbaric culture that you had been supporting.

      --
      [You have a stable society when some nut guns down a schoolyard and the law doesn't change.]
  2. As a self-appointed representative of ... by burgburgburg · · Score: 5, Funny
    the Security Industry, I'd just like to say:

    Shhhhhhhhhhhhhhhhhhh!!!!!

    Please remember this the next time a non-productive "feature" is uncovered.

  3. Easy Solution by Mz6 · · Score: 5, Funny

    Don't let your fingerprints get copied. Wear gloves ALL the time. Problem solved.

    --
    Hmmm.
    1. Re:Easy Solution by jacksonyee · · Score: 4, Insightful

      So what happens when some law enforcement organization such as the police or the passport office want to take your fingerprints? Do you deny their request and don't get anything done, or do you use glove prints rather than fingerprints. Even worse, what if someone hacks into the police database and creates fake gloves with other people's fingerprints etched in them?

      As much as the privacy advocates will laugh at this news article, fingerprints have been a proven source of clues for law enforcement agencys for decades. Nowadays, we have more sophisticated methods of detecting whether someone might have been at the scene of a crime or not, but fingerprinting is nice, quick, easy, and obvious. Of course, every system in existence can be fooled, and if you're really willing to break the system, you can. However, I hate to think that people other than the tinfoil hat crowd would be so concerned about fingerprints that they would wear gloves all the time. This is much more a legislative issue than it is a technological issue. Unless we stop legislative processes invading our privacy, technological means will be only a band-aid onto the root of the problem.

    2. Re:Easy Solution by Short+Circuit · · Score: 3, Informative

      There was a piece on NPR last week about an American who was charged with terrorism in Spain because his fingerprint was there. He was in America at the time the event occured, but two fingerprint experts (his own and the FBI's) verified that the prints matched.

      Fortunately for him, Spain independantly matched the fingerprint to a known terrorism suspect then in Spain. The only reason the fingerprint matched the American was because it was slightly smudged.

      --
      tasks(723) drafts(105) languages(484) examples(29106)
  4. J311-0 by lunarscape · · Score: 5, Funny
    The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint

    That's great to know that some of the world's most sophisticated security systems can be circumvented with Jell-O

    1. Re:J311-0 by Braingoo · · Score: 4, Funny

      Bill Cosby would be proud Hey kids would jou like to try some Jell-o. jou can even use it to steal yor parents credit card number to buy more jell-o!

  5. So if you can open your car with fingerprints... by cacheMan · · Score: 3, Insightful

    make sure not to touch your car much or leave it parked in the same place too long.

  6. In the great words of Sean Connery by imranius · · Score: 5, Funny

    "I'll show you a finger, Trebek!"

    - SNL Celebrity Jeopardy

  7. Something you have and Something you know by VinceWuzHere · · Score: 5, Insightful
    I really don't think that ANY biometric system will be foolproof until the old basic of security is implemented. The scheme is called "Something you have and Something you know" (someone out there does know the right name even if I can't remember it at the moment).

    Think of the simple RSA keyfob some of us carry; it gives us a number and we use that PLUS a password to get into secure systems (have + know).

    Carry this one step further and have the system check your fingerprint/handprint/iris/whatever PLUS ask for a password.

    I personally think it's damn scary in this age of terrorism that someone could fake a biometric and get onto a plane; if the airlines for example issued me a unique password to go along with fingerprint (or whatever) recognition then I'd feel a whole bunch better about the entire process and the underlying technologies.

    1. Re:Something you have and Something you know by Tryfen · · Score: 4, Insightful

      The mantra used to be something you know (password), something you have (ID card), something you are (fingerprint).

      The problem is that "something you are" is just a really weak version of "Something you have". Why is it weak? Because once it is compromised, you can never get it back. Never.

      If my RSA fob is stolen, I can get it reissued. If my password is stolen, I generate a new one. What am I supposed to do when my fingerprint shows up on Kazza? Sure, I can use one of the other nine, then once they're compromised, use my toes, after that...?

      Biometrics have a (small) part to play in security. But relying on them for anything important is daft.

      T

      --
      If a square is really a rhombus, why aren't all triangles purple?
    2. Re:Something you have and Something you know by Anonymous Coward · · Score: 3, Informative
      Right, because the 09/11 hijackers had to fake ID to get on their planes. Oh wait. No, they didn't--they complied with all ID requirements using their real ID.

      If you must fear something, fear sleeper agents more than known international terrorists. Besides, terrorists hit where you don't expect (so, planes should be safe for the foreseeable future).

    3. Re:Something you have and Something you know by BluedemonX · · Score: 3, Interesting

      The reason why many of these systems don't have a "something you have, something you know is".... because somebody (whose "software company" consists of nothing but patent lawyers sitting on ideas) patented that idea.

      None of the companies that manufacture biometric scanning technology can implement that without running afoul of the patent.

      And the amount this shyster company is asking for is ludicrous. Hence, that kind of system is never used.

      --

      --- Jump!! Fire!! Bullet time!! - Lego version of the Matrix
    4. Re:Something you have and Something you know by MindStalker · · Score: 5, Funny

      Now, a clever man would not use a plane, because he would know that only a great fool would repeat the same method. I am not a great fool, so I can clearly not choose to attack with a plane. But you must have known I was not a great fool, you would have counted on it, so I can clearly have to attack with a plane.
      Because counter-terrorist come from America, as everyone knows. And the America's is entirely peopled with infidels. And infedels are used to having people not trust them, as you are not trusted by me. So I can clearly not attack with a plane.
      and you must have suspected I would have known you where an infidel, so I can clearly have to attack with a plane.
      You've beaten my Sadam, which means you're exceptionally strong. So, you could have placed your men on the plane, trusting on your strength to save you. So I can clearly not choose to attack with a plane. But, you've also bested my sleeper cells. And in studying, you must have learned that terrorist are dangerious so you would stay as far away from us as possible, so I can clearly attack with a plane.

  8. Re:fix? by tomcio.s · · Score: 5, Insightful

    Not at all actually, your extremedies (hands, feet) change temperature faster than the core of your body, and most people's extremedies are either colder (more common) or warmer (?) than the core of their body. So to make it heat sensitive would be to deny access to most users.

  9. Re:fix? by ecklesweb · · Score: 3, Insightful
    A person's external skin temp is going to be a lot less than 98.6, and I think it's going to be a lot more variable than a person's internal temperature. Even if that wasn't true, your system would deny access to anyone with a cold and a 1.1 degree fever. Beyond all that, how much harder would it be to mold that fake fingerprint into, say, latex intead of gelatin, and then putting it on the end of an electric heater that pumps out your magic 98.6 degrees?

    Is this is the state of our security today?

  10. Great minds think alike by VinceWuzHere · · Score: 4, Informative

    From the document abstract... "A description of different liveness detection methods is presented and discussed. Methods requiring extra hardware use temperature, pulse, blood pressure, electric resistance, etc., and methods using already existent information in the system use skin deformation, pores, perspiration, etc."

  11. Re:fix? by SlamMan · · Score: 4, Interesting

    Won't work, for all the reasons specified. However, what about recording the body temperature as well as the fingerprint?

    --
    Mod point free since 2001
  12. Re:fix? by AKAImBatman · · Score: 3, Insightful

    It's not a flawless way to fix it, but it would make it at least a bit more difficult to foil, neh?

    It would also be impossible to use. 98.6 degrees is the temperature of certain orifices in your body. These orifices are generally pretty good at maintaining a certain amount of heat. However, your hands and feet are extremities that do not keep a constant temperature. In fact, your body will sometimes shut off the blood flow if it needs the heat somewhere else.

    This means that you'll never be able to accurately predict the lower bounds of finger temperature. Someone may have just been outside in cold weather. Or they may have poor blood flow to their hands (e.g. my wife's hands barely even show up on an heat sensitive screen). Similarly, they may have just touched a warm car door, or lit up a cigarette. Maybe they have some coffee in their hands.

    Basically, there's almost no way short of human or artificial intelligence to near flawlessly determine if the fingerprint belongs to a real human or not.

    --
    Javascript + Nintendo DSi = DSiCade
  13. fingerprints at all... by tuxette · · Score: 5, Interesting
    Probably old news to some, but here's an interesting article about how fingerprints are perhaps not infallible, unique ID, with a link to this article

    Who cares about the scanners when the real problem lies in something entirely different?

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
  14. Re:fix? by stratjakt · · Score: 5, Insightful

    The temperature of your fingertips is going to vary widely. If you've been holding a cup of coffee, it'll jack up to 110, 120 maybe, if you just came inside it could be down around 60 or so.

    98 degrees is an average core body temperature, extremedies generally run cooler. Thats why your testicles hang down - they dont work at 98 degrees, they need to be cooler. It's also why briefs and tight pants make you sterile.

    Besides, all you'd have to do is put the fake finger in a cup of warm (98 degree) water..

    I think the real solution is to realize that this kind of shit only works in movies or cartoons right now.

    --
    I don't need no instructions to know how to rock!!!!
  15. Okay. by Red+Dane · · Score: 5, Insightful

    Just wanted to interject... I suppose it depends on whether you have one that bounces small radio signals off of the inside of your finger or one that simply captures an image. Certain fingerprint readers bounce radio signals off of the inside of your finger and read the underlying tissue structure (no, I'm not going to plug the product here). This prevents people from doing what she did at the trade convention. Fingerprint technology is always improving, and I'm sure that the industry will take this to heart and make these things even more complex. When you get right down to it, the systems aren't as complex as you might think. Most fingerplate templates weigh in from anywhere to 300 - 600 bytes in size.. but that is more to ease hardware requirements. I think they will combine other methods in the fingerprint taking process and eliminate these problems. Just my take on it, tear it apart guys ;)

  16. Lo-tech method by Zog+The+Undeniable · · Score: 3, Interesting

    I believe c't magazine successfully fooled more than 50% of scanners by placing a clear plastic bag, filled with water, on top of the glass. This makes the greasy residue of the genuine user's fingerprint show up clearly to the scanner.

    --
    When I am king, you will be first against the wall.
  17. The CIA will love this by Timesprout · · Score: 3, Interesting

    If its so easy to falsify fingerprints then they will want more. Say hello to have a DNA sample taken at birth to be used as ID for the rest of your monitored exixtence.

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  18. It's wafer thin... by MojoRilla · · Score: 4, Funny

    From the thesus...

    The main problem with liveness detection methods based on extra hardware, is that the scanners have to be adjusted to operate e±ciently in different kinds of environments, leading to problems when using a wafer-thin artifcial fingerprint glued on to a live finger.

    And finally, monsieur, a wafer-thin fingerprint. Oh sir...it's only wafer thin.

  19. Accidental Discovery by The+Slashdolt · · Score: 4, Interesting

    In a former career I spent time mixing cement. One day I was mixing a small amount in a 5 gallon bucket. At the time I had nothing to mix it with so I used my hand. After mixing I washed my hand and it was amazingly smooth. I didn't think much more about it. The next day the skin on my hand was very sore. I looked at it and noticed that the mixing had worn down the top layes of skin on my hand. To the point where I barely had any fingerprints at all. So if you want to remove your fingerprints temporarily in a somewhat painful(but not excruciating) way, just mix up a bucket of concrete with your hand..... Hmmmm, is this a circumvention device?

    --
    mp3's are only for those with bad memories
    1. Re:Accidental Discovery by WormholeFiend · · Score: 3, Interesting

      I had a similar experience when I worked at a summer job at industrial egg incubator facilities... we had to clean everything with bleach and even with all the protective clothing and gloves, we still all lost the friction ridges on our fingers and hands.

      Fastforward to years later, I have to get a security clearance, and therefore have to get fingerprinted... So I asked the cop about this sort of situation.

      He told me that if they can't let a suspect go until they can ascertain his/her identity. So it's in the suspect's best interest to have printable fingerprints.

      Obviously this cop wasnt very forthcoming with answers for all possible situations, but I would assume that if your prints have to be scanned to open some sort of security mechanism or to obtain access to a secure area, you have to have readable fingerprints, otherwise you're S.O.L.

      (OT side note: at that summer job, I also learned that egg incubator facilities have to employ specially trained Japanese sex differentiators, and that the best ones all come from Japan, with a less than 1% margin of error -- they pick up each chick, and look at its ass, then put it on the male or female conveyor belt. Don't ask me what they look for to make the difference between males and females, they never told me.)

  20. They'll stay to raise the threshold... by MyNameIsFred · · Score: 4, Insightful

    There is an old saying that is attributed to the Secret Service. They can't stop someone really dedicated from killing the President. All they can do is raise the level of difficulty so high that the average individual won't be able to do it. I think that is applicable to the fingerprint scanners used in American airports. Yes, they can be beat, but they raise the threshold. They won't catch the dedicated/educated terrorists, but it will help against idiots. And stopping idiot terrorists is still a good idea. And don't fool yourselves, a lot of terrorists are idiots. Just look at the Shoe Bomber, not what I would call England's best and brightest.

    1. Re:They'll stay to raise the threshold... by rcamans · · Score: 3, Funny

      Hey - maybe the shoe bomber was England's best and brightest!

      --
      wake up and hold your nose
    2. Re:They'll stay to raise the threshold... by hackstraw · · Score: 4, Insightful

      All they can do is raise the level of difficulty so high that the average individual won't be able to do it.

      I would describe John Hinckley, as average at best, and he stepped forward from a crowd of television reporters and fired six shots hitting the President (Reagan) and others.

    3. Re:They'll stay to raise the threshold... by emptor · · Score: 3, Interesting

      Actually the saying goes something like "They can't stop someone who is committed enough to sacrifice their own life from killing the President."

  21. Re:Could someone explain 4.5.3 to me? by Apocalypse111 · · Score: 5, Informative

    I myself have an identical twin brother, and our fingerprints are nothing alike. Fingerprints are a developmental feature, not a genetic one.

    --
    There is no mod option "-1: Disagree" for a reason. "Overrated" is not an acceptable substitute. Post something instead.
  22. Non-US student by AragornSonOfArathorn · · Score: 4, Insightful

    Good thing this was written by a student who is NOT a US citizen or she would probably be prosecuted under the DMCA.

    --
    sudo eat my shorts
  23. Story by HarveyBirdman · · Score: 3, Interesting
    I wrote a SF story in college where there were fingerprint scanners that also looked at the skin oils and other biometrics. The protagonist had to use an elaborate device to fake a finger print. If I recall, it was a micro-pingrid array with synthetic skin on the tops of the pins, and little cannister of actual skin oil and other stuff. You could program the pins to be anyone's fingerprint, and the bio-goos would be mixed to the appropriate levels. Of course, it worked perfectly.

    Just thought I'd mention it. :) The story also had "heavy water fusion batteries" 4 years before the world learned the term "cold fusion". This was back in 1985 before my creativty was destroyed by life and career and reality television.

    --
    --- Ban humanity.
  24. Re:Why am I not surprised... by HermanZA · · Score: 4, Funny

    Man, do you realize how small a quantum leap is? It is the closest thing to nothing in the universe...

  25. Liveness detection by lucifuge31337 · · Score: 3, Funny

    The main problem with liveness detection methods based on extra hardware, is that the scanners have to be adjusted to operate efficiently in different kinds of environments...

    "So why does it have a rectal probe?"

    "That's just part of the design."

    --
    Do not fold, spindle or mutilate.
  26. calcium hydroxide burns by SuperBanana · · Score: 5, Informative
    In a former career I spent time mixing cement. One day I was mixing a small amount in a 5 gallon bucket. At the time I had nothing to mix it with so I used my hand. After mixing I washed my hand and it was amazingly smooth. I didn't think much more about it. I looked at it and noticed that the mixing had worn down the top layes of skin on my hand.

    Uh, that's because calcium hydroxide -burned- it off, not "wore it down". It's actually quite common, because there is a delay between exposure and reaction. Well, that and people think "hey, it's just rocks and dirt and stuff, i don't have to wear gloves..."

    --
    Please help metamoderate.
  27. What's the big deal by icejai · · Score: 3, Insightful

    Fingerprint scanners are exactly that.

    Finger. Print. Scanners.

    They're not "Absolute Identity Verifiers", or "Identity Truth Machines".

    They are simply tools to be used with other forms and methods of identification. Are *all* fingerprinting validation systems supposed to include "temperature, pulse, blood pressure, electric resistance, etc"? Only if some company were relying on fingerprints ALONE to verify someone's identity. But NO company would rely on fingerprints alone. Also, it would make the machine MUCH too costly for anybody to buy.

    The bottom line is, yeah sure, fingerprint scanners can't tell the difference between a human finger and a gelatin one. But if a fingerprint is *all* that it takes to get access to something, then the institution has problems that dig far deeper than the inadequacies of any fingerprint scanner.

  28. It's even easier than that. by pclminion · · Score: 4, Interesting
    Forget making crude copies of authorized fingerprints... It's even easier than that.

    A friend of mine in the office has some sort of skin condition which causes his hands to produce very acidic sweat. It's acidic enough to buff the leather on his steering wheel and gear shifter. His fingers will erase the letters off the keys on some keyboards (I assume some keyboards use better quality ink that is more resistant). Coffee mugs with cheap paint on them suffer the same fate on the handles.

    This person can open any fingerprint-protected laptop in the office (we bought a bunch of these from some company who was beta-testing them, they are now out of production) and make it boot. He just smears his fingertip onto the sensor and wiggles it a little bit, and the machine accepts it as an authorized print.

    These fingerprint detectors are of the capacitance-coupling variety. I don't know if the same trick works with the other fingerprint sensor technologies.

  29. just another argument against cheap stuff by rozz · · Score: 4, Insightful

    this thesis is only a better documented, nicely written replay of a japanese experiment from some years ago :
    the matsumoto experiment

    and it surely doesnt mean the biometrics are not secure!

    a complete biometrics based security solution has 3 "components" :

    Something you know: e.g. a password or a PIN.

    Something you hold: e.g. a credit card, a key, or a passport.

    Something you are (biometrics): e.g. a fingerprint, iris pattern, etc.

    their demonstration only fooled the 3-rd component of such a system ... which means they got NOTHING! ... plus, the most secure fingerprint scanners read the biometric info from under the epidermis(the outer "dead" skin) and are not so easily fooled with an artificial finger or fingertip ... the fact that they tested cheap of-the-shelf hardware is not exactly concludent.
    The whole study is just an argument against bad hardware and sloppy security systems, not against the usage of the biometrics .. while unfailible security does not exist, biometrics can make a big difference when used right!

    --
    "There is nothing more frightful than ignorance in action." Johann Wolfgang von Goethe