Hacker Club Publishes German Official's Fingerprint
A number of readers let us know about the Chaos Computer Club's latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany's increasing push to use biometrics in, for example, e-passports. Someone friendly to the club's aims captured Schäuble's fingerprint from a glass he drank from at a panel discussion. The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister's fingerprint — ready to glue to someone else's finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint. The article says a ministry spokesman alluded to possible legal action against the club.
So.... let's see.
Of all the people to humiliate... a senior public official who sets policy for something you directly care about.
This couldn't possibly turn out badly.
"Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
This seems a bit over the top if you ask me, but hopefully it will expose biometrics for what it is: an unchangeable, and in many cases public, password. It's not very easy to hide your fingerprints (or even your DNA, for that matter) from people who really want to find them, and to rely on them for definite identification has the same problems as a social security number. Plus, anyone with a police record would be somewhat compromised from the get go here in the U.S.
I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?
Quiz: True or False -- On a scale of 1 to 10, what is your middle name?
Maybe this is what you meant, but I just think this is the perfect example to illustrate to all how biometrics are just NOT the be-all and end-all. If only for the one simple fact that he cannot change his fingerprint like he could a password that got compromised!
Duress codes.
Enter one code to authenticate normally, another to flag up that you are being forced to authenticate.
Not quite ironclad, but an extra level of safety.
One swallow does not a fellatrix make
Mister Schäuble can enjoy an easy career as a burglar when he's out of office. With 4000 copies of your fingerprint circulating, it cannot be used as evidence any more.
The only dumb thing he could get caught with is when he leaves wheelchair tracks at the scene of the crime.
DNA is the ultimate spaghetti code.
The CCC is one of the things I like about Germany. It highlights a major element of German-style citizen-culture. It's clearly opposed to uncontrolled government and any notion of a police-state. It has a taste of anarchy to it and on its fringes it has unofficial members with ties to the black-hat community. Yet it is a well-organised, official, registered German association that speaks up on behalf of the people and democracy. With a 27-year tradition of keeping the public political debate alive on IT-related rights-issues by perpetually coming up with creative ways of gaining attention. This recent 'Schäuble-Fingerprint' stunt being one of them. I don't know if they've exposed themselves to legal liability by doing this (after all it was officially published in their magazine 'Datenschleuder') but it sure is as funny, hilarious and exposing as ever. Creative nonsense at its best. Go, CCC!
We suffer more in our imagination than in reality. - Seneca
Those can work against you too. My mom's got a security system in her apartment building, which is also secured. She was in a hurry one day and entered the wrong code to the alarm when she opened her apartment door, and re-entered it and it silenced as it should. 30 minutes later (!!) there's a knock on the door and looking out thru the hole she sees a row of cops lining the hallway all the way to the end, and a guy dressed in a white coat at the door "wanting to talk". She insisted it must be a mistake since the alarm company always calls before sending the cops. Not when you enter the hostage code. Oops! So they insisted on coming in for a bit and while they chatted with the white-coat, several of the officers methodically swept their place making sure there wasn't a guy with a weapon holding one of the family members hostage in a closet or something. It had taken them over 20 minutes to get someone else to buzz them into the building or they'd have been there a lot sooner.
I work for the Department of Redundancy Department.
My kids were watching the Scooby-Doo 2 movie the other day. There's a scene where Daphne activates a fingerprint-activated lock by dusting the scanner with blush powder (highlighting the latent fingerprint from its last use) then using a pore-strip over her own finger to provide the right body temperature/capacitance/whatever without her fingerprint confusing the sensor.
I was amused to see that the technology's weaknesses had made it to the Scooby-Doo level already. I don't know if that exact combination would work, but I've heard of similar successful attacks.
-- Alastair