Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Scanners Fooled By Play-Doh

Posted by ScuttleMonkey on from the homer-says-doh dept.

* * Beatles-Beatles writes to tell us YubaNet is reporting that in recent tests by Stephanie C Schuckers, an associate professor of electrical and computer engineering at Clarkston University, she has shown that, among other things, biometric security measures were fooled 90% of the time by simple attacks like Play-Doh molds. From the article: "Schuckers' biometric research is funded by the National Science Foundation (NSF), the Office of Homeland Security and the Department of Defense. She is currently assessing spoofing vulnerability in fingerprint scanners and designing methods to correct for these as part of a $3.1 million interdisciplinary research project funded through the NSF."

18 of 302 comments (clear)

  1. Is i just me by plaxion · · Score: 5, Funny

    Or is it starting to look like ScuttleMonkey is getting kickbacks from **Beatles-Beatles?

    1. Re:Is i just me by Tim+C · · Score: 5, Interesting

      Out in the open and blatant only in that they're not trying to hide it. On the other hand, they're certainly not telling us, despite numerous comments asking what's going on attached to every **BB story.

      Mind you, it's not like we should be surprised - they acted in exactly the same way about the Roland Piquepaille(sp?) stories, and have acted the same in the past too (anyone else remember the troll report thread and related mod bombing and moderation blacklisting? I *still* can't moderate). The bottom line is that for all slashdot seems to rail against poor customer service, they're quick to ignore their own customers.

      --
      It's official. Most of you are morons.
  2. LOL by Red+Samurai · · Score: 5, Funny

    Better not install it in a kindergarten then.

  3. Redundancy... by Cherita+Chen · · Score: 5, Insightful
    Which is exactly why Biometrics, i.e, "Fingerprint readers", should only be one small part of a much more robust security infrustructure. Redundancy is key...

    --
    I'm not fat, just big boned...
    1. Re:Redundancy... by this+great+guy · · Score: 5, Funny
      Redundancy is key...

      That's why we all have 10 fingers.

  4. Good security by ReformedExCon · · Score: 5, Interesting

    It's one thing to fool fingerprint scanners. The ones described in the article use a photo system that takes a picture of the full print and detects similarities with prints on file. It does sound pretty easy to fool. However, what about swipe-based scanners? Or retinal scanners? Surely Play-Doh isn't durable enough to drag over a fingerprint swipe-scanner and it's probably difficult to make a good replica of an eye with the stuff.

    But the real security comes with a Marine standing guard. If you can get passed that guy, the biggest problem is already solved.

    --
    Jesus saved me from my past. He can save you as well.
    1. Re:Good security by ArsenneLupin · · Score: 5, Funny
      What is he supposed to do, remember all two hundred peoples faces that pass him in a day?

      He stands near the scanner. And if he sees that anybody puts something else than his finger on the scanner, he shoots ;-)

  5. Welcome to Slashdot by Motherfucking+Shit · · Score: 5, Funny

    "News for financial partners of the editors, bank balances that matter."

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  6. And? by Bacon+Bits · · Score: 5, Interesting

    There are three flavors of a security pass:
    1. Something you have, like badge or actual key.
    2. Something you know, like a password or pass phrase.
    3. Something you are, like a General, Doctor, or American citizen.

    Two-form authentication (where you use two of the three above forms) is quickly becoming regconized as being much more secure. Numerous security professionals were hoping biometrics would fit into the "something you are" category, but increasingly that category is being replaced by "something you have". You can have a General's uniform or forged passport... or a playdough impression from an authenticated finger. All this study does is confirm that migration.

    --
    The road to tyranny has always been paved with claims of necessity.
    1. Re:And? by Anonymous Coward · · Score: 5, Insightful

      1. Something you have, like badge or actual key.
      2. Something you know, like a password or pass phrase.
      3. Something you are, like a General, Doctor, or American citizen.

      This gets interesting in the overlaps that refute the categoricals. What you know and what you have both define what you are. For example what makes you a General or a Doctor other than the correct uniform? A detailed knowledge of military or medical matters. So let's take two twins, one a doctor and one a general and get them to spend a month teaching each other everything they know about each others subject. The doctor twin puts on his brothers uniform and walks right into the base. Now, can he spend an entire day bluffing his way through a tactical conference, while his brother does a bit of impromptu brain surgery? Unlikely but not impossible. So is it what we know that defines us as who we are? Not with 100% certainty. Is it what we have that defines what we are? No, not definitely. Keys, passwords, biometric features, money, any facet of physical acuality can be forged, stolen or substituted. So where does that leave us? It leaves us with the uncomfortable philosophical annoyance that identity does not exist. We have to step back and look at the question again. What are we trying to achieve through assigning identity? We are trying to map INTENTION. The guy getting on the plane may look like, smell like, sound like, walk like... the person the computer says is good ole regular Joe Citizen 101, but what if his _intention_ is to blow up the plane and not ride peacefully? Joe could have been brainwashed/blackmailed/replaced by an android. Identity isn't the thing that governments and identity researchers _want_ it to be and so we have to start tackling the more difficult issue of stopping people needing or wanting to steal money or blow up planes.

  7. Play-Doh is... by TorKlingberg · · Score: 5, Informative

    For all us not not from the same cultural sphere as the submitter, Play-Doh is a clay-like compound used by children to form various things. http://en.wikipedia.org/wiki/Play-Doh

  8. Next: man on terrorist watch list after buying Doh by Anonymous Coward · · Score: 5, Funny

    If you have no children and buy PLay-doh you might be added to the terrorist watching list as a security risk.

  9. Capacitance? by Omicron32 · · Score: 5, Interesting

    I may be using the wrong term here, but why not have some sort of capicitance measuring device on the fingerprint scanner? Something a bit less sensitive than your iPod wheel or a normal laptop touchpad so it has to detect a current on the persons finger before it will even begin to scan?

    Not that I've tried it, but I'm pretty sure you can use Playdoh to navigate around your iPod.

  10. They are also annoying in other ways by siddesu · · Score: 5, Interesting

    I for one have a problem logging on via the scanner after a longer bath. The damned thing won't recongize the fingerprint and won't let me logon until the skin dries and the wrinkles on the fingers go away.

    It is not bad, as I give up on the computer in the evening, just don't wash your hands before a presentation :-)

  11. I Don't Know About You Guys But... by Niraj59 · · Score: 5, Funny

    ... I, for one, enjoy * * Beatles-Beatles's articles. Everything he posts is news to me and the content is stuff that matters to me. I especially love his well-designed, non-sketchy website. If Slashdot would implement his wonderful CSS styles (when you hover over text, it all becomes italicized and underlined with a box drawn around it) my experience here would be great. Is there any way we can make * * Beatles-Beatles a moderator, or better yet, an administrator on Slashdot? That would be excellent. Keep up the great work ScuttleMonkey and * * Beatles-Beatles!

  12. Re:Wow by shri · · Score: 5, Interesting

    Today's submissions that were rejected include a new digital imaging chip from the folks at Univ of Rochester and the Gnope.Org release (PHP GTK Toolkit).

  13. More fingerprint spoofing techniques by BeermanAtCampus · · Score: 5, Informative

    Last summer on WTH: Spoofing fingerprints in 10 minutes shown at WTH last summer. The guy on the video also says that he never encountered a fingerprint reader which couldn't be fooled. Interesting is also to see is that he does not make a fake finger, but only a thin acryl layer placed over ones real finger. And also on the CCC website: A image gallery with text (EN) how to copy a finger print. So it's not all about the Play-Doh

  14. It's way worse than they think!! by Jeff_at_RAD · · Score: 5, Interesting

    I got a laptop with fingerprint identification and thought it was ultra-cool to just stick my index finger on there to log in (this was to XP tablet edition).

    Then I wondered if you could trick it, so I looked at my index finger, and saw that it was a loop, and then had someone else in the office try with one of their fingers that also was a loop. Nothing just by pressing down.

    But, because the login software takes continuous readings (which they display!), my buddy was able to keep sliding and mashing and rotating his finger around until after 4 or 5 seconds, Bong, logged in!! We were laughing, so we tried with with three other guys here, and they all logged on. Some of them had to rotate their hand all the way around, but *everyone* got on. THIS SOFTWARE DOES NOT WORK! DO NOT TRUST IT!

    I reported this to the fingerprint software people (sorry, don't remember their name), but they never responded. I just turned it off completely - it's a joke.