Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Scanners Fooled By Play-Doh

Posted by ScuttleMonkey on from the homer-says-doh dept.

* * Beatles-Beatles writes to tell us YubaNet is reporting that in recent tests by Stephanie C Schuckers, an associate professor of electrical and computer engineering at Clarkston University, she has shown that, among other things, biometric security measures were fooled 90% of the time by simple attacks like Play-Doh molds. From the article: "Schuckers' biometric research is funded by the National Science Foundation (NSF), the Office of Homeland Security and the Department of Defense. She is currently assessing spoofing vulnerability in fingerprint scanners and designing methods to correct for these as part of a $3.1 million interdisciplinary research project funded through the NSF."

13 of 302 comments (clear)

  1. Good security by ReformedExCon · · Score: 5, Interesting

    It's one thing to fool fingerprint scanners. The ones described in the article use a photo system that takes a picture of the full print and detects similarities with prints on file. It does sound pretty easy to fool. However, what about swipe-based scanners? Or retinal scanners? Surely Play-Doh isn't durable enough to drag over a fingerprint swipe-scanner and it's probably difficult to make a good replica of an eye with the stuff.

    But the real security comes with a Marine standing guard. If you can get passed that guy, the biggest problem is already solved.

    --
    Jesus saved me from my past. He can save you as well.
    1. Re:Good security by lars_stefan_axelsson · · Score: 4, Interesting
      But the real security comes with a Marine standing guard. If you can get passed that guy, the biggest problem is already solved.

      Then you're in trouble (scroll to near the bottom where they just drive through the main gate). The red team Red Cell were notorious in the eighties for getting into any base they set their sights on, in fact they were so successful that it played no small part in being shut down, they were just too much of an embarassement.

      In fact, human security guards are notoriously unreliable, they'll get a few, but also let quite a few through. So I'm not sure that's necessarily the "biggest problem." It's a problem, but a combination of guard relying on technology that he's been assured is "foolproof" when in fact it is not, doesn't make for much in the way of security.

      --
      Stefan Axelsson
  2. And? by Bacon+Bits · · Score: 5, Interesting

    There are three flavors of a security pass:
    1. Something you have, like badge or actual key.
    2. Something you know, like a password or pass phrase.
    3. Something you are, like a General, Doctor, or American citizen.

    Two-form authentication (where you use two of the three above forms) is quickly becoming regconized as being much more secure. Numerous security professionals were hoping biometrics would fit into the "something you are" category, but increasingly that category is being replaced by "something you have". You can have a General's uniform or forged passport... or a playdough impression from an authenticated finger. All this study does is confirm that migration.

    --
    The road to tyranny has always been paved with claims of necessity.
  3. Capacitance? by Omicron32 · · Score: 5, Interesting

    I may be using the wrong term here, but why not have some sort of capicitance measuring device on the fingerprint scanner? Something a bit less sensitive than your iPod wheel or a normal laptop touchpad so it has to detect a current on the persons finger before it will even begin to scan?

    Not that I've tried it, but I'm pretty sure you can use Playdoh to navigate around your iPod.

  4. They are also annoying in other ways by siddesu · · Score: 5, Interesting

    I for one have a problem logging on via the scanner after a longer bath. The damned thing won't recongize the fingerprint and won't let me logon until the skin dries and the wrinkles on the fingers go away.

    It is not bad, as I give up on the computer in the evening, just don't wash your hands before a presentation :-)

  5. Re:Wow by shri · · Score: 5, Interesting

    Today's submissions that were rejected include a new digital imaging chip from the folks at Univ of Rochester and the Gnope.Org release (PHP GTK Toolkit).

  6. Pulse Oximetry by Detritus · · Score: 4, Interesting

    Why not add a little hardware and check for a living finger? When I was in the hospital, they put a noninvasive sensor on my finger that measured my pulse and blood oxygen level. It uses two frequencies of light to measure oxygenated haemoglobin.

    --
    Mea navis aericumbens anguillis abundat
  7. Re:Is i just me by ndansmith · · Score: 4, Interesting
    What's more odd is that if there is something going on, they seem perfectly intent to be out in the open and obvious about it. Three stories in a row now (two on the front page) all with the same user (* * Beatles-Beatles) and the same link (http://george-harrison.info./ Why is ScuttleMonkey being so blatant about what he is doing? Does he not read anything on the submission at all? Or is he really in cahoots with this Beatles-Beatles fellow? Either way, doesn't he know that he is making an ass of himself and Slashdot by doing what he is doing?

    Here come the -1, Offtopic mods, which I have a feeling will not be meta-moderated.

  8. Re:Is i just me by Tim+C · · Score: 5, Interesting

    Out in the open and blatant only in that they're not trying to hide it. On the other hand, they're certainly not telling us, despite numerous comments asking what's going on attached to every **BB story.

    Mind you, it's not like we should be surprised - they acted in exactly the same way about the Roland Piquepaille(sp?) stories, and have acted the same in the past too (anyone else remember the troll report thread and related mod bombing and moderation blacklisting? I *still* can't moderate). The bottom line is that for all slashdot seems to rail against poor customer service, they're quick to ignore their own customers.

    --
    It's official. Most of you are morons.
  9. Re:Is i just me by Seumas · · Score: 4, Interesting

    I didn't even realize it until you mentioned it, but what's up with the modding? I used to get mod points on a weekly basis, but I think it's been over a year since I've had any mod points. I sure don't remember participating in any sort of great uncovering of Slashdot secrets that would deserve such a response...?

  10. It's way worse than they think!! by Jeff_at_RAD · · Score: 5, Interesting

    I got a laptop with fingerprint identification and thought it was ultra-cool to just stick my index finger on there to log in (this was to XP tablet edition).

    Then I wondered if you could trick it, so I looked at my index finger, and saw that it was a loop, and then had someone else in the office try with one of their fingers that also was a loop. Nothing just by pressing down.

    But, because the login software takes continuous readings (which they display!), my buddy was able to keep sliding and mashing and rotating his finger around until after 4 or 5 seconds, Bong, logged in!! We were laughing, so we tried with with three other guys here, and they all logged on. Some of them had to rotate their hand all the way around, but *everyone* got on. THIS SOFTWARE DOES NOT WORK! DO NOT TRUST IT!

    I reported this to the fingerprint software people (sorry, don't remember their name), but they never responded. I just turned it off completely - it's a joke.

  11. I got one here, and they may not be practical by EMIce · · Score: 4, Interesting

    I have a portable pulse oximeter sitting right next to me. It is pricey and is about 2.5" x 1.5" x 1.5". It clamps lightly around one's finger and has a numerical LED display for oxygen level and beats per minute. It's as accurate as a bedside hospital unit from what I have read. Adding one of these though would really drive up costs. Here is a pic of the unit I am talking about. $675, ouch.

    Incorporating them would also require a major redesign. They clamp around an inserted finger, and this would make them harder to clean and maintain, and also make them more prone to breakage.

    The non-invasive principle of operation of these is pretty neat, and might interest slashdoters. They work by shooting dual wavelengths of light through the finger, namely infra-red and a visible red color. On the other side of the finger, a sensor relays readings to a signal processor, which distinguishes between flesh, bone, and what-not based on the absorption differential between the two wavelengths, so it can isolate out variables between different kinds of fingers. The result is incredibly precise, and the LED on the front flashes in precise sync with one's pulse. I'm guessing the signal processor is a major cost, so maybe in time these will come down in price.

  12. Re:Play-Doh is... by Gadzinka · · Score: 4, Interesting

    There's something I don't understand. From the article on Wikipedia:

    Its exact makeup is a secret [...] Play-Doh was invented by Noah McVicker and Joseph McVicker in 1956 and awarded U.S. Patent 3,167,440 in 1965.

    So, is its formula secret, or was it patented? If the patent was granted in 1965, shouldn't it expire already?

    Robert

    --
    Bastard Operator From 193.219.28.162