Slashdot Mirror
Subverting Fingerprinting
squizzar writes in with news of a 27 year old Chinese woman who was discovered to have had her fingerprints surgically swapped between hands in order to fool Japanese immigration. "It is Japan's first case of alleged biometric fraud, but police believe the practice may be widespread. ... The apparent ability of illegal migration networks to break through hi-tech controls suggests that other countries who fingerprint visitors could be equally vulnerable — not least the United States, according to BBC Asia analyst Andre Vornic." Time for some biometric escalation. Could iris scans be subverted as easily?
Can't blame her for wanting to live in Japan.
if you carry around a handy severed head.
The tech for swapping fingerprints apparently exists. I don't know anybody swapping out eyeballs.
However, the open question that TFA brings up is whether or not you can skin graft somebody elses fingerprints on to you. (Or vice versa). You can do allograft skin grafts, at least temporarily, so it's feasible.
Faster! Faster! Faster would be better!
This is only a security threat if someone removes my finger and graft's it to someone else's hand so they can get my data. So my data is only as secure as the skin on my finger. I'm so scared. The likelihood of someone stealing my finger to get data is really high. Worse, they'll steal my eyeball to fake an iris scan. Maybe soon they'll just steal my brain and remove the passwords I have memorized. I'm sure in all those scenarios what I'll be thinking is "OMG, My Data!"
That is really excessive. You can melt your fingerprints off with battery acid ... or like any harsh chemical. surgically swapping them sounds way harder @_@
Japanese newspapers said police had noticed that Ms Lin's fingers had unnatural scars when she was arrested last month for allegedly faking a marriage to a Japanese man.
Seems like until they can get rid of the circular scars around their fingertips, they aren't going to fool anyone. From now on, when officials notice circular scars or other shaped scars around fingertips, they will probably have the person undergo further testing.
As far as iris switching...I don't think so. I have a feeling that the permanent blindness that likely follows(though I am not an ophthalmologist, so I can't be sure as to what is possible) will override any benefits that come from the short term gains of biometrics trickery.
I don't like Linux. This doesn't make me a troll.
Fingerprint both hands. With digital scanning it's not that big of a deal.
Better known as 318230.
The only real identity that is immune from subversion is consistent, community agreement.
What I mean by this is that every piece of data measured can be faked, copied, or altered in the database against which the measurement is checked. DNA can be planted, id cards will be sold on black markets and faked, biometrics can be later changed or forged. The measured data in the database against which identity is checked can be altered - *all* the technology-based methods for ID have vectors of attack.
What cannot be faked is what ones peers and friends agree upon regarding who an individual really is, and that the human in wuestion really is the person they agree it is. If all the friends and neighbors agree you really are Bob, then you're Bob regardless of what you do, or what data is stored in electronic systems. This is an unwieldy (nearly impossible) metric for access to a bar, authentication for into services, permission to drive, or asserting your ID at the bank to get your money. However, at its heart, community consistency could be the unalterable root from which all the other identification methods would rely upon. Basically one can create all kinds of electronic, physical, and technology based systems that will need to get reset when they are faked or forged or incorrect. To rely on other electronic systems for that reset is flawed and misses the essential nature of how people understand and use interpersonal identity.
Brings a whole new meaning to the word hacking. But in truth, how long will it be until can be swapped replaced 'a la' Minority Report?
As all kinds of technology improve, cheapen, become more accessible, so do the means to subvert them.
Really, fingerprinting is based on the belief that no two people have identical fingerprints, furthermore, most commercial/personal scanners are going to have a degree of forgiveness, after all, you don't want to be locked out of your laptop for having a dirty hand or something. Fingerprints are not secure, they can be manipulated, changed, altered, etc. A fingerprint is nothing more than a key.
Taxation is legalized theft, no more, no less.
The thing they never talk about in these stories is what would drive someone to go to such lengths? There's rarely even a single quote from the person arrested, and yet the police can say whatever they like. What does that say about a society?
The problem isn't technology in this case, but rather bad assumptions made by the designers and users. What you're doing when you use a biometric scanner is (most often) taking a reading and converting that into a hash. And for any given hash, there will be at least one pattern that will resolve for that hash, possibly several or many. It's the same with DNA -- we can't sequence and compare a person's entire DNA, but we know certain parts of certain genes exhibit a high degree of variability, and so we sequence those and use them for comparison.
In this case, an assumption was made that fingerprints don't change on a person. Well, using lasers and surgical techniques, they can be changed, and therefore the system can be bypassed -- not because the technology is flawed, but the assumptions made about its use were. Now that this technique has been observed, we need to add another step to the identification process: Looking for scars on the fingers that suggest surgical techniques have been applied. The fingers should be carefully inspected before fingerprinting anyway -- to identify other forms of fraud as well.
Of course, there's still the human variable: Immigration necessarily requires hundreds to hundreds of thousands of personnel to administrate the rules. And the system is only as strong as the weakest link -- or the weakest person. There will always be people that can be bribed or manipulated -- or just plain lazy, and those weaknesses can be exploited. And truthfully, it'd probably be cheaper.
As long as the government walls off access to goods and services by attempting to uniquely identify people, there'll be a market for false identification. Is the price point their system has set too low?
#fuckbeta #iamslashdot #dicemustdie
Wouldn't fingerprinting fail spectacularly on people with no fingers? (e.g. Darth Vader, Luke Skywalker (for one hand), etc...)
"other countries who fingerprint visitors could be equally vulnerable — not least the United States", according to BBC Asia analyst Andre Vornic.
Vornic needs to do some research. Criminals in the US have been attempting to surgically alter or mask their fingerprints since at least the 1930s, and the FBI has been researching the techniques since then as well. I remember reading about this in a book from the 60's, where a counterfeiter surgically swapped his prints around, and the FBI recognized them, out of order, and matched them back up with the original fingers.
And as you tread the halls of sanity, You feel so glad to be, Unable to go beyond. I have a message, From another time..
So the only way this person's surgery is actually worth anything is if fingerprint scans care which hand the prints are one? I would think that if you switched your hands' fingerprints, you'd still have the same prints, which could be picked up easily enough as long as the scan tests the prints against your right and left hands both.
Not to mention, as I'm sure someone has by now, they would probably notice the scars. I would think it would be more worth it to get someone else's fingerprints, if you could.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
What good will that be to the government?
Conscience is the inner voice which warns us that someone may be looking.
The movie "Never Say Never Again" clearly illustrated the shortcomings of iris scanning. That was back in the '80s. Pretty easy to fake the US President's iris and get the live warheads to replace the dummy ones. If USAF measures can be circumvented so easily then how can ordinary immigration officials deal with it?
I suppose there's an outside chance it could have all been fictional I guess. With all this reality TV it's so hard to tell what's real these days...
So I gather it's time to upgrade our biometric identification to the new "colonic map" technology?
FATMOUSE + YOU = FATMOUSE
Is it really fraud? Is there some promise that everyone has made to never make alterations to their bodies?
(I think it's dumb, but I don't see how it is fraud, she didn't actually impersonate anyone or anything)
Nerd rage is the funniest rage.
How about a public (anonymised) repository of fingerprints. The idea is this: I can't change my prints, nor can I get back control once the government has taken them. But I could publish them to the world. That makes the print very easy for anyone else to fake. In other words, plausible deniability.
I'm sure in all those scenarios what I'll be thinking is "OMG, My Data!"
Gives a new meaning to the term "thumb drive".
Do not mock my vision of impractical footwear
Very easy to fake a print using the bottle cap technique. Surgical alteration seems a bit overkill to me.
Trying to install linux on my microwave, but keep getting a kernel panic...
...cutting off one's fingerprints and swapping them between hands? OUCH!!! And there's more nerves there than anywhere else in the body.
I hate being bipolar; it's awesome!
probably, but also conscience to railway hence buttsex could instead contribute to global warming. Since
weinersmith
Yea but that won't work on Americans.
I would have thought the answer to subverting retinal scans would have been suggested by the original story: Just cross your eyes.
http://www.rootstrikers.org/
Hi There,
I work for a company that has designed and implemented fingerprint bordergate security for many countries. This may include the country in mention.
This problem will be quite easily overcome. As processing power increases, it will be increasingly easy to search more combinations of captured fingerprints against prints stored on a database. For instance, at this time there is no need to search somebody's right thumb against all of the left thumbs stored in the database. This is for obvious reasons. The fingerprints that are captured in a process as described in the article are not hashed together or in any other way combined, they are simply searched individually against prints stored on a database for the given finger position.
The solution is to simply search each fingerprint against (at least) the fingerprint stored for the opposing hand. You could also search against the entire database. This is similar to the process used when lifting a fingerprint from a crime scene, in which case the finger of origin is often unknown.
So, the solution will be quite simple, and will simply require more processing power for the search. More money to the vendors.
If your only objective was to stop your retinal scan from being successfully compared to one on record, I'd think a little mild laser surgery would solve the problem.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Hello, Mr. Yukamoto, and welcome back to the GAP!
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Hear, hear, I am eagerly waiting for my rectal probe at every immigration process...no jokes about my orientation, please.
The techniques will become better over time and after a while, there will be better solutions to change finterprints. It's as always, if there is a way to secure something some will find a way to fool it. And it will not stop with it, iris scanning and even genetic fingerprints aren't really save for that matter.
cb
"Time for some biometric escalation. Could iris scans be subverted as easily?" How is iris scans an escalation, I have always proposed iris scans as I don't leave iris prints around myself and it is not likely to be used for anything but identification / verification. Iris scans instead of fingerprints would be a huge victory for privacy.
To combat the rising tide of surgically transplanted organs by alien terrorists what is needed is a... probe ...for an organ they dare not change. Like the prostate area.
There is an american company, whose name has not been revealed because of the FISA seal protecting them. They have a working prototype in fridge size of a spit-sample based rapid DNA analyzer, which works in just 3 minutes. It ignores the 96% of DNA invariably common to all homo sapiens from yankee to bushman, korean to inca. The rest is analyzed and hashed into an S-key like sentence for display.
The device cannot reveal the full DNA analysis to outside display, only the hash, to protect privacy of health and genetic data. The hash display is done in either of two bit-wise equivalent format for easy human memorization. One mimics the traditional redskin names, like Sitting Bull Mighty Cloud Jumping Elk, the other imitates the long chinese names.
The US government plans to field this tech for union-wide mandatoy personal identification for all legal and fiscal matters as soon as the device can be shrinked to desktop size and made to work in the 1 minute, peferrably 30 seconds timeframe. The S-name will be your legal name and your legacy name (family name + given name) will be kept only for casual use.
A specialty of the recently built prototype is the ability to sense minute DNA contamination which indicates the person being identified had twin(s) in the same womb. This breakthrough is a big step, as it allows use of evidence in criminal proceedings. It is estimated first luggage-able devices or field trial will be delivered in 4,5 years at 675,000 USD apiece if all goes on track.
This makes fingerprints and iris scan useless an irrelevant!
i'm not using any fingerprint scanner - not with all these swine flu's going around!
Also the eye may dilate as you kill them which will also fuck the result.
Mydriasis happens with death, indeed.
But it's almost trivial to induce myosis instead, using the proper chemicals. (Cocaine, as an example of something which won't be difficult to obtain for would-be criminals. As a bonus, this same substances doubles as a way to kill the victim through overdoses AND a way to preserve the iris in myosis).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Listen, I like all this being and nothingness stuff just as much as the next person but I'm only on this planet for a few decades and don't really have the time.
You're born, and you die. Between the two you remain that person - even if you do change a bit in between. That's good enough in most situations for most people.
Most of us don't have time to ask ourselves if we really exist or whether the world is just a figment of our imagination.
carving a custom print into the finger {...} like the laser surgery they do on {...} tattoos.
Well, it's going to be less easy, because the actual appearance of fingerprints depends on the shape of deep skin structure.
Thus "fingerprint" laser surgery would have to go deeper as "tattoo" laser surgery.
This rises problems of transporting and focusing the laser energy.
This also brings more risks of scarring (and you want to present fingers which look "normal" to the security check).
etc.
Not impossible, but currently harder to do than transplant.
But perhaps 3D bio-matrix printing could be used ? There has already been some not-so-much successful attempts to lab-grow skin tissue on an artificial matrix (to be used to cure burn victims). If the methods gets better, and we can manage to 3D print the correct artificial matrix with the necessary annexes (sweat ducts, blood vessels, etc.). It's difficult to achieve too, but much more convenient (less scarring, no complex laser-through-skin-into-deeper-layer surgery, possibility to control if the finger-print looks as desired before grafting, etc.)
Hum, I sense business opportunity here.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
No seriously this is no raughing matter ^.^
We have already made eyeball replacements. Low resolution, only 12x12px, and it transmits the signals to your brain via the tongue, BUT IT WORKS.
Sorry, no. The thing is a *retinal* replacement.
That's where the whole trick lies.
The main problem is the way the signal processing in the eye function - the eye is already central nervous system.
Absolutely everywhere in the body, senses signal are processed the exact same way :
Some specilised type of cell detects some event (chemical, physical, whatever).
This signal is carried from there by a nerve - which linkes peripheral nervous system to central nervous system - to a first place (in the central nervous system) where the signal is processed : instead of discrete event and absolute signals (which could be subject to noise, level drift, etc.), the input from several source are averaged, and local differences is made between input. The output signal is not "local levels", but "global levels" and "constrast and other difference between points of data". That data - after going through a relay/gate (usually the Thalamus) is processed further by the brain. Thus the brain doesn't work in terms of signal strength, but in terms of variations over space and time.
With other sense : It easy, the nerves transmit the raw data, and the first process is occurring in places like the spins or the basal ganglia. There's a pretty simple 1-to-1 mapping between the things you sense and the signal in the nerves. And as the signal come from various parts of the body, the skin, whatever. it's pretty much easy to map "who is who" at a level where the nerves are still spread out. (Cochlear implants exploit this nicely : this signal is just a representation of the physical manifestation, and it's nicely spread along the cochlea. It's easy to find where to place each electrode for each corresponding sound frequency).
With sight : well it's not easy. This time, the first processing happens already in the eyeball. Those nice 1-to-1 nerves are the layers of cells which connects the deep photosensors (rods and cones) with the surface neural cells (which do the processing). This surface layer of cell works as the first central nervous system processor. What goes out of the eyeball is an already processed information, like the one which climbs up the spin in other senses.
The optical nerves itself is not a nerve technically. It connects 2 parts of central nervous system : the upper layer in the retina and the nucleus in the brain (which works as relay/gate).
From this come several problem:
- It's central nervous system. The connection can't regrow. Therefore the brain can't rewire itself to use the new eyeball as suggested by GP.
- It's processed signal. What travels the nerve are not pixels, but already processed data : contrast information about the picture, global light levels, etc.
- It's not nicely spread out. Instead it's lots of nerves wrangled together in a small area which don't 100% follow spacial representations of the pictures on the retina. (Ok, you can globally make distinction between left and right parts. but you can be precise down to each nerve fiber). It's like trying to map body regions on a cross-section of the spine it's hard to get it beyond a certain resolution.
Therefore it's easier to imagine a connection to the optical zone of the brain (like the huge plug at the back of the cranium in Matrix).
- You still got the "processed signal" problem (you can't just send raw pixels there)
- But at least its a region spread over a certain surface, thus having better accessibility and easier to map than everything wrangled together in a nerve
- And it's close to the target. There is no need for new nerves to grow, the signal is already there.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Time for some biometric escalation.
BULLSHIT! It's time to stop the gestapo tactics and open all the borders to anyone that wants to enter any country. After all, we are all human beings born in the same planet. Those imaginary lines that they always told you were borders between US and THEM, they are just that, imaginary lines made up by the people in power.
"Imagine there's no countries" - John Lennon
only because the massive amount of intelligence in an American's brain could never be stored on your pathetic little computers.