Slashdot Mirror
Aussie Kids Foil Finger Scanner With Gummi Bears
mask.of.sanity writes "An Australian high school has installed 'secure' fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance.
The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatin, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatin has virtually the same capacitance as a finger's skin."
And the kids circumvent it by keeping the gummy bears in their pockets on the way to class.
Once again, a "foolproof" system proves to be only as useful as the fool who invented it.
Now get off of my lawn.
What one fool can do, another can. (Ancient Simian Proverb)
Fuck, YES. I read the original story, about the school introducing this moronic system, and could only shake my head. Attempts at total control are generally the solution proffered by lazy bureaucrats as an alternative to them doing their jobs. Here’s an idea - instead of working out ways of forcing the kids into school and keeping them there - why not work to make it compelling for them to come to school in the first place. I know, hard, right? Idiots. However, the creative (dare I say scientific) solution employed, and so quickly makes me remotely proud of our clever children. It’s nice to see the kids are far more intelligent and creative than their so-called teachers. I will have somewhat less pride when they remotely drain my bank account and I am forced to live on cast off gummi bears, but hey.
...is more expensive than a finger print scanner? Pay peanuts, get gummi bears.
I was promised a flying car. Where is my flying car?
No it's not. (WTF, /. editors?)
What one fool can do, another can. (Ancient Simian Proverb)
Not even slightly surprised this is coming from Australia. You guys really need to do something about reworking that government so the party that doesn't win anything also doesn't end up in power.
There is no -1 Disagree.
Duke Igthorn is NOT going to be happy when he hears about this!
Nobody has actually foiled the high school fingerprint scanners yet, it's still only in the realm of (likely) possibility - especially after the kids see this story on /.
Biometric, swipe cards or any other method they use will have loopholes when left alone. All it needs is a single teacher to watch everyone put their fingers there. But if I were in school I'd hate that too (*mutters* "fucking attendance nazis").
In my old 2nd language class in school, we would all file in, sit down and the teacher would go through the list & call out the students she thinks is absent. But it was all on paper and there was no tallying done until the end of the term.
But I must applaud the school for making the kids work harder to break the system, that's a definite way to select intelligence for "coolness" :)
Quidquid latine dictum sit, altum videtur
* You have to buy a new system and probably sign a support contract for it
* It ties up personnel with deployment
* It doesn't work any better than the old system
* It raises significant privacy issues not present in the old system
* It raises huge data security and disposal issues not present in the old system
* Adding a new student is more invasive and time consuming than in the old system
* Fingerprint biometrics can track an arbitrarily large set of individuals...but they can only distinguish a few hundred
Yep, that sounds like a textbook example of educational bureaucracy.
If a school needs fingerprint scanners to take attendance, doesn't that imply that the school has bigger problems than students circumventing fingerprint scanners?
Quoting from the end of the fine article (emphasis added by me).
Tsutomu Matsumoto, a Japanese cryptographer, uses gelatin, the stuff that Gummi Bears are made out of. First he takes a live finger and makes a plastic mold. (He uses a free-molding plastic used to make plastic molds, and is sold at hobby shops.) Then he pours liquid gelatin into the mold and lets it harden. (The gelatin comes in solid sheets, and is used to make jellied meats, soups, and candies, and is sold in grocery stores.) This gelatin fake finger fools fingerprint detectors about 80% of the time.
His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time.
Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.
What one fool can do, another can. (Ancient Simian Proverb)
Clarification: no it's not an actual photo of an Australian kid's finger prints. Still: WTF, /. editors?
What one fool can do, another can. (Ancient Simian Proverb)
I agree that its a stupid and lazy approach. But there is only so much you can do to "make it compelling" until reality sets in that discipline is necessary for children.
The oldest approach is still the best - have teachers (and not machines) who **recognize** kids conduct roll calls.
Until Discovery Communications has it taken down--
http://www.youtube.com/watch?v=LA4Xx5Noxyo
What one fool can do, another can. (Ancient Simian Proverb)
..they shouldn't be getting money to pay for teachers.
swipe cards would be enough if the teacher actually paid attention when the kids are swiping the cards.
is it a movie theater or a school?
world was created 5 seconds before this post as it is.
I'll be more impressed when they have an article that says: Kids circumvented fingerprint scanners at school using gummy bears.
Kids should be in school. Period. Our present breed are just as crafty as we used to be back in the day in trying to avoid the system. That is how you create innovative kids in the first place. Those kids who defeats this totalitarian system and gets away with it - well - they deserve the day off :)
Meus subcriptio est nocens Latin quoniam bardus populus reputo is sanus callidus
Quite a long time ago the school district I was in kept attendance records on a computer. The password was kept on a piece of paper in the secretary desk, but that didn't matter. They had a 2400 baud modem connected to a hard line that allowed access for all sorts of records to be shared. I guess they figured the security was knowing that magic 7 digit number written on the modem, and not believing for a second that any child could possibly get the idea to call it, let alone with their own modem, and never one that understood computers better than they did.
One of my first entrepreneurial ventures was attendance management services to other kids. In this system once you hit a certain level of tardiness, or missed classes, it triggered a physical letter to be sent to the parents. I could make sure that didn't happen. Was fairly profitable and this was back when "computers never lied" and hacking was not well understood by anybody, least of all school administrators.
I had to stop when it became obvious in some parent teacher conferences that some students had clearly been ditching a lot of classes according to the teachers, but the records on the computers no longer matched the written records of the teachers. Good thing I used the computer lab and my own modem otherwise the phone records would have busted me... if the investigation even got that far. Since the "corrupt" records matched the district offices, it was assumed the computer itself was faulty somehow. They just ended up replacing it... but leaving the modem.
I guess my point is overall, that if schools are really serious about taking attendance, maybe they should concentrate less on the technology and more about giving a shit "hands on". Teachers should have the phone numbers and email addresses of their students parents, and I don't know, use them. I would have never gotten away with what I did had their been even a small amount of caring amongst the staff. At this point in my life it disapoints and saddens me that a teacher would not directly call the parents once a student missed 3 classes in a week. Waiting for an automated system to send a letter out after 7 missed classes just allows a problem to fester for around a month before anybody starts to address it.
Of course I can't blame a lot of the teachers. When you are chronically underpaid and have to do ridiculous shameful shit like purchasing resources out of your own pockets for your students, I can understand how some become burned out and disillusioned.
Kids pick up on that too. If they feel they are in a situation where people don't care and it's a mechanical mind numbing system they are forced to deal with, they will react, and most often negatively.
I guess what pisses me off more about this story is they could have used the money in that budget to raise the teachers salary and just had the teachers write down attendance in a book and have the empowerment to directly call the fucking parents.
Called me old fashioned, but whatever happened to teachers actually knowing their kids and simply taking attendance that way?
I faintly remember back in high school, when we had substitute teachers sometime. One was particularity dim, so most folks cut that class. I was in it, and the substitute teacher passed around a paper for all the students to sign in. There were three of us in the class, and about three hundred names were on the list that we passed back: "Who's Dick Hertz?", etc.
Students will always find a way to get around stuff like this . . . .
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
"Chris?"
"Here Miss"
"Peter?"
"Present Miss"
"Well it looks like everyone who's going to be here is here already, let's get started!" She thought knowing full well that a few of the students skipping the class will be reported to the principle yet again.
Fingerprints? Really? Whatever is wrong, it's not the fault of the system that has served us for hundreds of years, and doesn't need some stupid technology to fix it.
But isn't the whole point of this so that you don't need to employ someone to check attendence? If you have to employ someone to stand there, why no just get that same person to call out names and record on a register?
These comments are my personal opinions and do not necessarily reflect the opinions of the other voices in my head.
http://www.google.com/search?q=mythbusters+fingerprint+scanner
Old news, Mythbusters did this same thing years ago with a bunch of different scanners.
no
Several teachers that I had relied on the class staying pretty constant, and gave each student a number in alphabetical order. To "Call roll", you would listen for the number before yours, and after that was said by the student in question, you would say yours. Any absences were immediately obvious, and it took no more than a minute to finish it.
If the problem with cards was that people were swiping their friend's cards, and the problem with fingerprints is that they're faking them, then the problem seems to be a social one.
As noted, there's no technical solution that will keep motivated teenagers at bay.
No sig today...
When I was at school we had to sit in a room and the teacher would read out a list of names and you had to say "here!".
No sig today...
They invented all that, not some Japanese guy.
(If the show isn't a trick...)
No sig today...
While school kids may yet learn to scam extra lunches and play hooky through the use of gummi candy biometrics, the headline is bogus. None of the linked articles reported that any kids anywhere are doing anything with gummi bears except fucking up their teeth.
Kids' ingenuity is always at its best when fighting the man. Maybe they'll be smart and Orwellian. You know, like the Chinese.
Pure gelatine may (or may not) have the exact same capacitence... But what about the sugar, flavourings etc?
Then there's the fact that if you pressed your finger into a gummi bear, it's not going to create a lasting or deep impression. Perhaps if you really squashed the gummi bear it would create a detailed, lasting impression but then you're going to be left with a fragile, thin piece sheet of gelatine that would fall apart if you pressed it on the scanner.
Yes you could create a mould of the finger and fill it with pure gelatin but a 11year old would struggle to create a detailed enough mould without being helped and it's simply too much hassle for a kid to attempt. It would be easier to clone a magnetic strip, tell someone a passcode, get someone to forge a signiature or simply to say "here" when their name is called out.
Am I getting old or is everyones memory that bad?? The gummibear attack was already shown in 2002: http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
Oh I'm a gummy bear, yes I'm a gummy bear Oh I'm a yummy, tummy, fingerprint stealing gummy bear, oh yeah!
If the machine can track you the next thing is it wants to control you. Who doesn't feel like giving Big Brother the slip? Big Brother is the guilty conscience come into reality, ready to find fault and curtail life's evil little pleasures.
The best way to fool Big Brother is to let it think it knows the truth, to invent reality.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
My old school had a sign-in system based on face-recognition. Nobody ever found a way to circumvent it. This was 25 years ago, but I believe others were using a similar system even earlier.
Five minutes per lesson? If you assume 3 seconds to call each student's name and get a "here" response, you'd have to have 100 students per class for it to take that long - and 3 seconds is generous, considering most kids sit in roughly the same places every time a decent teacher wouldn't even need them to call out, he/she would just look around the room and see who was missing. In our classes of 20ish students, roll call - or taking the register as we call it over here - used to take maybe 30 seconds (most teachers would do it while the kids were getting seated and taking out their books/pens) and seemed to actually serve the dual useful purpose of finding out who was missing and ensuring those present were paying attention before the lesson proper began. If it's taking five minutes per lesson, either the class sizes are way too big or the teachers have lost all control over the class, either way there are much bigger issues to solve.
... or this tasty!
Build a better mousetrap, and the universe will build a better mouse.
Mythbusters already covered this.Just take a photocopy and it will work.
When I went to school, we had a class book where teachers would note who was not in. When I was responsible for the classbook, about half of the class once skipped a few lessons. When I was ordered to the principal he asked me if I was absent during those classes. I gave him the book and said stone cold: "My name is not written down in the book, so that must mean I was there."
He went for the logic, not thinking that the book and I where BOTH absent.
They did part of it in the right way. Letting the teacher do the social check and then they went wrong with the technical solution and relied on that.
Don't fight for your country, if your country does not fight for you.
Fingerprint scanners for ROLL CALL? Really?
I'm all for technological advances, but just how lazy do you really need to be? Is it too much to ask the teachers to take roll call like they have been for hundreds of years, and LOOK at the students to make sure they are who they say they are?
Somehow I'm getting less and less surprised that Australia has passed the US as the most obese nation in the world...
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
unmonitored physical access to the device means it is compromised. Hell it could be as simple as using the USB "setup" port to make it say what ever you want. Heck, program it to just use a list, first finger checks in first person on the list, and so on, stick people you like at the top, and people you don't near the bottom.
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
the types of high schoolers that bring lunch boxes are the types that wouldn't skip class. so to me this sounds like a plan of flawless logic, FLAWLESS!
The call is coming from inside the school!
If students don't want to attend school then there is something wrong with the school. Fix the school so that the students want to go there; then you don't need a fancy biometric scanner.
Then again, this is Austrailia we are talking of, their government tries to overly-complicate everything.
Wow! You were Ferris Bueller!
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
Of course I can't blame a lot of the teachers. When you are chronically underpaid and have to do ridiculous shameful shit like purchasing resources out of your own pockets for your students, I can understand how some become burned out and disillusioned.
Yep.
Of course, if teachers have to call home, you often times wind up with "perfect child syndrome" where the parent doesn't believe the teacher. They take it up with the principal, and if they're the kind of parent who can donate a new computer or something, suddenly the teacher is just harassing them. Put it in the computer, however...the computer never lies!
No trespassing. Violators will be shot. Survivors will be shot again.
I was a teacher in a rural farm school for 5 years. I can tell you first-hand that having contact information for parents is useless 75% of the time.
One of our huge challenges was trying to break the inertia of bad parent experiences in school 10-20 years ago. "I flunked out, so there's no hope for my kid." "I graduated, and look what it got me - I'm working on the farm like I was all my life. School doesn't do nuthin for ya!"
To be frank, parents can often be the biggest barrier to a student's education. This is especially true in undereducated/impoverished communities. Even encouraging your kid to hang around with different kids can have a profound effect on their performance in school.
It was rare for me to be able to get in touch with the parents of the most troublesome students. Why were they trouble students? Mainly because their parents weren't ever around disciplining them or doing their job as parents.
Typical parents were ones like the one who threatened his kid (bright, I got along with him, but failing my class for the second time. Dad asked why. I bluntly said, "He's plenty smart enough to pull an A, he just doesn't try at all.") with all sorts of stuff if he didn't pass. Three weeks later? Kid was gone for two week. Why? Family went on vacation... Had a meeting with a very bright kid's parents who had become a major stoner half-way through freshman year. His grades went from straight 100s (not just As) into the 50s. Parents were distraught. I pointed out how he was on time and handed everything in the first half, was late all the time and turned next to nothing in the second half of the year. A week later, the band instructor opened the case for the instrument he used, out fell a bowl and the leavings of the last oz he bought. As responsible parents....they threatened to sue the school because it could have been anyone's bowl and pot. Because the instrument case wasn't locked. A month later, after the school decided that they couldn't financially afford to suspend the kid, his parents bought him a new car. Convertible.
Now those were some of the parents I could get ahold of. For a large percent of kids, I couldn't get in touch with a parent. Ever. Phones disconnected, working two jobs, would just hang up on me. Would always have the kid answer the phone or get the mail, so all contact with the school was "junk mail" and "telemarketers". It was truly mind-boggling to me how disengaged parents were with the system. What was truly needed was a mandate that parents be involved with their kid's schooling. Of course, a lot would then turn out to be like the two I mentioned - there were a lot of parents like that where I worked.
Velociraptor = Distiraptor / Timeraptor
Sold out quite some time back for ad views. Know where else to go? I'm looking.
Velociraptor = Distiraptor / Timeraptor
Since having teachers take attendance is just too damned hard.
Why are you letting these clowns ruin our country?
why no just get that same person to call out names and record on a register?
*Ding*Ding*ding*
We have a winner!!!
Sometimes the simplest solution is the most effective.
---
"I can't complain, but sometimes still do..." Joe Walsh
would be to focus on the real problem; the kids that are using these methods to pose as other students need to be charged with and convicted of identity theft! It's only when they have been punished to the fullest extent of the law that they will truly appreciate the value of a good education. I'm sure there are high school graduation programs available in Australian prisons and at least there we can be sure they will actually attend.
Geez. This seems like the old zero-gravity pen vs just using a pencil in outer space argument. In High School, we had homeroom at the start of the day for someone to lay eyes on you and take attendance. Then attendance was informally taken in each class afterward. Low tech and simple. Why some people see the need for a high tech solution to a low tech problem is beyond me!
It would seem that the people having put this system into place didn't see the Mythbusters episode where they circumvented a "foolproof" fingerprint scanner with gelatin.
~Syberz
"...and I would've gottten away with it, too, if weren't for those darn kids!"
After exhaustive research and excrutiating analysis, I've determined that Bubba is, in fact, everywhere.
Alexander the Great solved the same problem with the Gordian Knot in the 4th century BCE. Smash the scanner. The modern improvement would be to disable it less flamboyantly and enjoy the theatrical performances of the assistant principle and custodial supervisor standing around scratching their heads.
This news is at least 5 years old.
Back in 2004/2005, Kevin Rose demonstrated the use of gummy bears to cheat fingerprint scanners on the TV show "The Screensavers" (today called "Attack of the Show"). And my guess that this trick was known even before then.
Bahhh double post, because someone (myself) ticked anonymous. Move along, nothing to see here.
Too many gummy bears: http://idle.slashdot.org/story/10/10/28/170207/School-Children-Are-Now-Too-Fat-to-Fit-In-Class-Chairs
When my dad was in High School, he (mostly for fun) helped the school implement an attendance system where each homeroom class sent in the punch cards for the students who were present at the start of the day. Someone fed each card to the computer, and the attendance was tallied. (This was the same year he was guaranteed an "A" in his computer class on condition he stop showing up - gotta love the irony there.)
Of course, students carried the punch cards to the office, so it was easy enough to slip in a card for someone who hadn't attended.
It's actually somewhat comforting to think that, more than thirty years later, nothing has changed.