Slashdot Mirror
The Future of Crime - Biometric Spoofing?
AxisPower9 writes "What we often watch in films and television - circumventing biometric security access - is turning from science-fiction to reality. Bori Toth, biometric research and advisory lead at Deloitte & Touche, warned that biometric spoofing is a growing concern. From the article: 'We are leaving our prints everywhere so the chance of someone lifting them and copying them is real. Currently it's only researchers that are doing spoofing and copying. It's not a mainstream activity--but it will be. Many people are trying to regard biometrics as secret but they aren't. Our faces and irises are visible and our voices are being recorded. Fingerprints and DNA are left everywhere we go and it's been proved that these are real threats.'"
When your fingerprints have been compromised (not very hard to do) you can't change them. For this reason, I don't think biometrics is a viable solution. A long passphrase is much better, in my opinion.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
Lets see.. I remember a very detailed Expose on these so called "borrowed ladders". Gee. You write a movie about it, and it takes almost 10 years for it to become a top news story on slashdot. I also remember an eye-scan in a movie using a plucked eye. Spaceballs used an unconscious guard's hand. As well as the "removed hand". Even scooby doo, Daphne used powder makeup to bring out the pattern of a thumbprint on a scanner to unlock something or other.
meh
Always carry a pocketfull of eyeballs and thumbs...and realize, at one point, those lil' orbs are going to accidentally fall out and you are going to be chasing those slipper rolling suckers all over the floor.
Where were you when the voynix came?
Rise in Eyeball Mugging and Drive-by Thumb Stealing Blamed on Biometric-scanning vidiPods
Our faces and irises are visible and our voices are being recorded.
http://www.theatlantic.com/doc/200209/mann
Iris scanner - a million bucks
Glasses with a picture of someone else's eyeballs - $5.00
Stickin' it to da man! - priceless.
Blood. A mix of your DNA plus biomarkers. Of course if you've seen the movie, perhaps that too can be spoofed.
In the end, there's no truly safe solution, except for multiple layers of passwords, biometrics, DNA samples, and the like, and even then, a determined foe will find a way to breach it. What Mankind can create, Mankind can subvert.
GetOuttaMySpace - The Anti-Social Network
As many have already pointed out, the best security uses a combination of two of the above. This is so because each one of the above has an inherent weakness.
FATMOUSE + YOU = FATMOUSE
Yep ... which is exactly what people who know anything about information security have been saying for a while.
People think that biometrics is some sort of magic bullet, because for years they've seen retina scans and fingerprint scanners on TV in all sorts of "high security" situations. But in reality, a fingerprint scan is probably not that much better than a good password -- it's certainly better than a shitty password, and in combination with a password it's probably better, but alone it's terrible.
The fact that you can't change your fingerprints is a real problem if they start to use biometric systems for authentication. Particularly since there are biometric-ID systems used by children: in my area, they're currently testing and preparing to roll out a school-lunch system that uses fingerprints (it's a debit system -- no more stolen lunch money, and no way to tell who's on the subsidized lunch program or not). When you start using biometrics that young, you have a long time for them to possibly get compromised and spoofed.
The fingerprints you have, you own for life: so any system has to be built on the assumption that they will be compromised. In particular, future systems should be built knowing that people are going to come in who've already had all 10 fingerprints compromised already. The solution isn't to just come up with more biometric identifiers to use as secrets, the solution is to not use them as secrets at all.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The biggest problem with biometrics is after it is compromised it cannot be changed.
sure you have 10 figures and 2 eyes, but when it comes too it you will never get ADDED security with a biometric only system.
biometric + password + keycard is the securest solution.
something you are, something you know, something you have
As the phrase goes in the banking security industry.
Those have always been the only 3 options for establishing 'trust' with an unknown entity.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
Identification is not authentication.
Biometrics are fine identifiers. They are unique and immutable.
Identification is not authentication. Not even close. Just because someone presents an identifier does not mean they are the authorized thing represented by that identifiers. By their very nature, identifiers are promiscous.
The perfect crime is not a crime that is "solved" with someone else blamed. It's a crime that no one ever realizes was committed.
IMAGE VERIFICATION IS EVIL!