Fingerprint Scanners Fooled By Play-Doh
* * Beatles-Beatles writes to tell us YubaNet is reporting that in recent tests by Stephanie C Schuckers, an associate professor of electrical and computer engineering at Clarkson University, she has shown that, among other things, biometric security measures were fooled 90% of the time by simple attacks like Play-Doh molds. From the article: "Schuckers' biometric research is funded by the National Science Foundation (NSF), the Office of Homeland Security and the Department of Defense. She is currently assessing spoofing vulnerability in fingerprint scanners and designing methods to correct for these as part of a $3.1 million interdisciplinary research project funded through the NSF."
It's one thing to fool fingerprint scanners. The ones described in the article use a photo system that takes a picture of the full print and detects similarities with prints on file. It does sound pretty easy to fool. However, what about swipe-based scanners? Or retinal scanners? Surely Play-Doh isn't durable enough to drag over a fingerprint swipe-scanner and it's probably difficult to make a good replica of an eye with the stuff.
But the real security comes with a Marine standing guard. If you can get past that guy, the biggest problem is already solved.
Jesus saved me from my past. He can save you as well.
There are three flavors of a security pass:
1. Something you have, like badge or actual key.
2. Something you know, like a password or pass phrase.
3. Something you are, like a General, Doctor, or American citizen.
Two-form authentication (where you use two of the three above forms) is quickly becoming recognized as being much more secure. Numerous security professionals were hoping biometrics would fit into the "something you are" category, but increasingly that category is being replaced by "something you have". You can have a General's uniform or forged passport... or a playdough impression from an authenticated finger. All this study does is confirm that migration.
The road to tyranny has always been paved with claims of necessity.
I may be using the wrong term here, but why not have some sort of capacitance measuring device on the fingerprint scanner? Something a bit less sensitive than your iPod wheel or a normal laptop touchpad so it has to detect a current on the person's finger before it will even begin to scan?
Not that I've tried it, but I'm pretty sure you can use Playdoh to navigate around your iPod.
Fingerprints are now part of our total security strategy and a first-line screening technique for inprocessing of mass police events. When groups are processed after WTO rallies and other such large police events, processing uses fingerprint ID. Imagine a case in which 500 were arrested and all could be terror suspects, and the terrorist, who would have been ID'd, got away because of a fingerprint error. Fingerprints are used by banks to cash out-of-state checks. It's time to verify fingerprints and begin associating them with a biometric less modifiable, such as retinal ID. Of course, concerns about the coercivity of this approach are justified, but the security benefit outweighs. If we're going to use biometrics, let's use effective ones. Of course, the merits of mass arrest are questionable, but if we are going to do it, let's do it right.
Since when has this country used intellectual elite as a pejorative term?
I for one have a problem logging on via the scanner after a longer bath. The damned thing won't recognize the fingerprint and won't let me logon until the skin dries and the wrinkles on the fingers go away.
:-)
It is not bad, as I give up on the computer in the evening, just don't wash your hands before a presentation.
As it was written earlier, others suggested the same article which was miraculously granted to **BB.
People theorized that either the ** shows up on the list, or there is a deeper conspiracy.
Today's submissions that were rejected include a new digital imaging chip from the folks at Univ of Rochester and the Gnope.Org release (PHP GTK Toolkit).
Why not add a little hardware and check for a living finger? When I was in the hospital, they put a noninvasive sensor on my finger that measured my pulse and blood oxygen level. It uses two frequencies of light to measure oxygenated haemoglobin.
Mea navis aericumbens anguillis abundat
Here come the -1, Offtopic mods, which I have a feeling will not be meta-moderated.
The funny thing is we haven't (as far as I know) seen a Roland article in a long while....hmmm.....
Monstar L
Out in the open and blatant only in that they're not trying to hide it. On the other hand, they're certainly not telling us, despite numerous comments asking what's going on attached to every **BB story.
Mind you, it's not like we should be surprised - they acted in exactly the same way about the Roland Piquepaille(sp?) stories, and have acted the same in the past too (anyone else remember the troll report thread and related mod bombing and moderation blacklisting? I *still* can't moderate). The bottom line is that for all slashdot seems to rail against poor customer service, they're quick to ignore their own customers.
It's official. Most of you are morons.
I announced my displeasure with the ueber google-gayness of the beatles link in these stories before - and was modded as '-6 tin foil'.
/. used it, how many stories would beatles post?) and the fact that the first 100 million lines in the pages about link voting are hippie gay credits for the two guys who set it up makes me wary.
The problem is, if a slashdot page links to starwars dot com with the words 'solo shot first' then this will change the very nature and fabric of the universe, and may actually cause earth quakes and or hurricanes, or at least a small butterfly flapping its wings might get struck by lightning (deserves it!).
Google is a bit dumb, and I am surprised that slashdot users : viaga, cheap-prescription-drugs, auto-warranty and friends haven't been posting more stories.
I am not 100% happy with the ghey projects like micro formats to use link voting either (google doesn't AFAIK have the option to non-googlify a link, if it did and
akin to those twats scraping over who invented music, the internet, downloading music, downloading the internet, sex, tits and beer by fighting over who 'invented' podcasting.
humbug?
of course, this is an estimation.
please type the word in this image: ballpark
random letters - if you are visually impaired, please email us at pater@slashdot.org
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
'When I was a little man
Playdoh came in a little can
I was Star Wars' biggest fan
Now I'm stuck without a plan
G. I. Joe was an action man
Shaggy drove the mystery van
Devo was my favourite band
Take me back to my happy land!'
-- The Aquabats, Playdoh. A wonderful song of geek nostalgia...
Real Daleks don't climb stairs - they level the building.
I didn't even realize it until you mentioned it, but what's up with the modding? I used to get mod points on a weekly basis, but I think it's been over a year since I've had any mod points. I sure don't remember participating in any sort of great uncovering of Slashdot secrets that would deserve such a response...?
I got a laptop with fingerprint identification and thought it was ultra-cool to just stick my index finger on there to log in (this was to XP tablet edition).
Then I wondered if you could trick it, so I looked at my index finger, and saw that it was a loop, and then had someone else in the office try with one of their fingers that also was a loop. Nothing just by pressing down.
But, because the login software takes continuous readings (which they display!), my buddy was able to keep sliding and mashing and rotating his finger around until after 4 or 5 seconds, Bong, logged in!! We were laughing, so we tried with three other guys here, and they all logged on. Some of them had to rotate their hand all the way around, but *everyone* got on. THIS SOFTWARE DOES NOT WORK! DO NOT TRUST IT!
I reported this to the fingerprint software people (sorry, don't remember their name), but they never responded. I just turned it off completely - it's a joke.
I have a portable pulse oximeter sitting right next to me. It is pricey and is about 2.5" x 1.5" x 1.5". It clamps lightly around one's finger and has a numerical LED display for oxygen level and beats per minute. It's as accurate as a bedside hospital unit from what I have read. Adding one of these though would really drive up costs. Here is a pic of the unit I am talking about. $675, ouch.
Incorporating them would also require a major redesign. They clamp around an inserted finger, and this would make them harder to clean and maintain, and also make them more prone to breakage.
The non-invasive principle of operation of these is pretty neat, and might interest slashdoters. They work by shooting dual wavelengths of light through the finger, namely infra-red and a visible red color. On the other side of the finger, a sensor relays readings to a signal processor, which distinguishes between flesh, bone, and what-not based on the absorption differential between the two wavelengths, so it can isolate out variables between different kinds of fingers. The result is incredibly precise, and the LED on the front flashes in precise sync with one's pulse. I'm guessing the signal processor is a major cost, so maybe in time these will come down in price.
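As an added illustration of the dual-wavelength principle described in the comment above (not part of that comment and not code from any scanner or oximeter vendor), the sketch below treats the red/IR measurement as a liveness gate: it requires a pulsatile signal, a plausible pulse rate, and a blood-like red-to-infrared absorption ratio. The sample traces are constructed, the thresholds are illustrative assumptions, and `110 - 25 * ratio` is the commonly cited uncalibrated textbook approximation for SpO2.

```python
import math

FS = 100  # samples per second (assumed sensor rate)

def synth(dc, ac, bpm, seconds=10):
    """Constructed photodetector trace: steady level plus a sinusoidal ripple."""
    w = 2 * math.pi * bpm / 60.0 / FS
    return [dc + ac * math.sin(w * n) for n in range(seconds * FS)]

def perfusion(trace):
    """Pulsatile amplitude divided by mean level (AC/DC) for one wavelength."""
    dc = sum(trace) / len(trace)
    return (max(trace) - min(trace)) / 2 / dc

def pulse_bpm(trace):
    """Pulse rate from the spacing of upward crossings of the mean level."""
    dc = sum(trace) / len(trace)
    ups = [i for i in range(1, len(trace)) if trace[i - 1] < dc <= trace[i]]
    if len(ups) < 2:
        return 0.0
    return 60.0 * FS * (len(ups) - 1) / (ups[-1] - ups[0])

def liveness(red, ir, min_perf=0.005, bpm_ok=(40, 180), spo2_ok=(90, 100)):
    """Accept only a trace with a pulse and a blood-like red/IR absorption ratio.
    All thresholds are illustrative assumptions, not values from any product."""
    p_red, p_ir = perfusion(red), perfusion(ir)
    if p_ir < min_perf:
        return (False, "no pulsatile signal")
    bpm = pulse_bpm(ir)
    if not bpm_ok[0] <= bpm <= bpm_ok[1]:
        return (False, "pulse rate out of range")
    ratio = p_red / p_ir       # the "absorption differential" between wavelengths
    spo2 = 110 - 25 * ratio    # textbook linear approximation, uncalibrated
    if not spo2_ok[0] <= spo2 <= spo2_ok[1]:
        return (False, "red/IR ratio not blood-like")
    return (True, f"{bpm:.0f} bpm, SpO2 ~{spo2:.1f}%")

# Constructed sample traces (not measurements): (red, infrared) pairs.
LIVE = (synth(1.0, 0.010, 72), synth(1.0, 0.020, 72))     # ratio 0.5
MOLD = (synth(0.6, 0.0003, 72), synth(0.7, 0.0003, 72))   # inert material, no pulse
FLICKER = (synth(1.0, 0.020, 72), synth(1.0, 0.020, 72))  # equal ripple on both channels

if __name__ == "__main__":
    for name, (red, ir) in [("live", LIVE), ("mold", MOLD), ("flicker", FLICKER)]:
        print(name, liveness(red, ir))
```

The third case shows why two wavelengths matter: a ripple that is identical on both channels has a pulse-like rhythm but fails the ratio check, which a single-wavelength pulse detector would not catch.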
I suddenly stopped getting mod points too, and I can't figure out why.
Clever signature text goes here.
Windows is like decaf - it tastes like the real thing, but it won't get you through the day.
There's something I don't understand. From the article on Wikipedia:
Its exact makeup is a secret [...] Play-Doh was invented by Noah McVicker and Joseph McVicker in 1956 and awarded U.S. Patent 3,167,440 in 1965.
So, is its formula secret, or was it patented? If the patent was granted in 1965, shouldn't it expire already?
Robert
Bastard Operator From 193.219.28.162
the screensavers on tech tv showed how to do this with a gummy bear, that's nothing new.
Windows is like decaf - it tastes like the real thing, but it won't get you through the day.
I'll take the bait.
Why is it that Scuttlemonkey favors Beatles-Beatles posts so heavily? I mean seriously, some of us are reasonably logical. It is nearly impossible that one person could hit the front page with almost every single article submission, without some kind of favoritism, with great frequency. If someone would just tell us what the deal is, I expect you wouldn't see the entire articles devoted to the "paranoia" you refer to. Obviously people agree that something is wrong, as I haven't seen an on-topic comment yet, and the moderators all agree.
Otherwise we're talking one hell of a coincidence.