Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Scanners Fooled By Play-Doh

Posted by ScuttleMonkey on from the homer-says-doh dept.

* * Beatles-Beatles writes to tell us YubaNet is reporting that in recent tests by Stephanie C Schuckers, an associate professor of electrical and computer engineering at Clarkston University, she has shown that, among other things, biometric security measures were fooled 90% of the time by simple attacks like Play-Doh molds. From the article: "Schuckers' biometric research is funded by the National Science Foundation (NSF), the Office of Homeland Security and the Department of Defense. She is currently assessing spoofing vulnerability in fingerprint scanners and designing methods to correct for these as part of a $3.1 million interdisciplinary research project funded through the NSF."

2 of 302 comments (clear)

  1. Redundancy... by Cherita+Chen · · Score: 5, Insightful
    Which is exactly why Biometrics, i.e, "Fingerprint readers", should only be one small part of a much more robust security infrustructure. Redundancy is key...

    --
    I'm not fat, just big boned...
  2. Re:And? by Anonymous Coward · · Score: 5, Insightful

    1. Something you have, like badge or actual key.
    2. Something you know, like a password or pass phrase.
    3. Something you are, like a General, Doctor, or American citizen.

    This gets interesting in the overlaps that refute the categoricals. What you know and what you have both define what you are. For example what makes you a General or a Doctor other than the correct uniform? A detailed knowledge of military or medical matters. So let's take two twins, one a doctor and one a general and get them to spend a month teaching each other everything they know about each others subject. The doctor twin puts on his brothers uniform and walks right into the base. Now, can he spend an entire day bluffing his way through a tactical conference, while his brother does a bit of impromptu brain surgery? Unlikely but not impossible. So is it what we know that defines us as who we are? Not with 100% certainty. Is it what we have that defines what we are? No, not definitely. Keys, passwords, biometric features, money, any facet of physical acuality can be forged, stolen or substituted. So where does that leave us? It leaves us with the uncomfortable philosophical annoyance that identity does not exist. We have to step back and look at the question again. What are we trying to achieve through assigning identity? We are trying to map INTENTION. The guy getting on the plane may look like, smell like, sound like, walk like... the person the computer says is good ole regular Joe Citizen 101, but what if his _intention_ is to blow up the plane and not ride peacefully? Joe could have been brainwashed/blackmailed/replaced by an android. Identity isn't the thing that governments and identity researchers _want_ it to be and so we have to start tackling the more difficult issue of stopping people needing or wanting to steal money or blow up planes.