Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aussie Kids Foil Finger Scanner With Gummi Bears

Posted by samzenpus on from the gummi-security dept.

mask.of.sanity writes "An Australian high school has installed 'secure' fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance. The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatin, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatin has virtually the same capacitance as a finger's skin."

11 of 303 comments (clear)

  1. Next up... by Moryath · · Score: 5, Insightful
    I can just see it now. Next they come up with one to detect "body heat" in the finger.

    And the kids circumvent it by keeping the gummy bears in their pockets on the way to class.

    Once again, a "foolproof" system proves to be only as useful as the fool who invented it.

    1. Re:Next up... by Moryath · · Score: 5, Insightful
      There really aren't.

      As far as the human body goes, there are only a few things that are really "constant." Exposure to allergens or illness change the voice enough that it will fail vocal characteristic matching. Taking biometric readouts of a facial structure fails the moment someone has a serious traffic accident, gets any sort of illness that causes facial swelling, or simply grows out their facial hair.

      Fingerprints? I think we've done that one pretty much to death.

      The best suited is probably retinal or iris scanning, but even those have issues. Retinal scanning fails on any number of degenerative disorders affecting the blood flow, like diabetes and glaucoma. It also fails to properly record and identify on people with moderate to severe cataracts and astigmatism. There are also some pretty hefty privacy issues with retinal scanning, since it can be used to diagnose a number of diseases and conditions - AIDS, syphilis, a number of other STD's, malaria, chicken pox, hereditary diseases like lymphoma and anemia, and even pregnancy.

      Iris scanning will fail to recognize due to tinted glasses or cosmetic contact lenses, and it'd be pretty easy to spoof them with a contact lens "printed" to someone else's pattern that is opaque around the ~750nm wave band that most NIR (Near Infrared) scanners use - and the reason they predominantly use NIR is that if you don't pick that specific band, light reflections from the cornea throw enough noise into your scan image to make it virtually unusable. For the really cheap-ass iris scanners, a suitable high-quality picture of someone's eye may even be sufficient to spoof.

      And of course, both retinal and iris scanners will fail out if they don't have an incredibly controlled environment - stick a retinal or iris scanner in an area with bright sunlight or inconsistent lighting, and you may as well just chuck the thing out the window, because iris contractions to open/close the pupil will make your scan worthless.

      Of course, you could put a hooded structure that people have to stick their eyeball on to look into in order to get scanned. That'll last all of about 2 days before some prankster gets the idea to smear some india ink or something else around the edge of the eyeball viewer...

    2. Re:Next up... by choongiri · · Score: 5, Insightful

      Whether it's technically possible to defeat the system isn't the issue. If you're trying to force kids' presence with technological measures rather than encourage leaning and enthusiasm socially, you're doing something wrong. Especially since this is talking about older kids. Try giving them something fun to do, instead of demanding they bio-retina-dna scan in after recess.

    3. Re:Next up... by Worthless_Comments · · Score: 5, Insightful

      The teacher could actually, you know, take roll. I guess that would be too much work for a government employee though?

    4. Re:Next up... by davester666 · · Score: 5, Funny

      You mean like getting them to figure out how to defeat a high-tech security system using gummi bears?

      It's fun and you can eat the evidence!

      --
      Sleep your way to a whiter smile...date a dentist!
    5. Re:Next up... by The+Hatchet · · Score: 5, Insightful

      Easy, just scan people as they walk by, record their numbers and get yourself an adjustable implant. You could change identities whenever you please. That is probably the easiest to spoof of all.

      --
      Where is the mod rating for "scary"? Also, ...
    6. Re:Next up... by MichaelSmith · · Score: 5, Funny

      My son is an Aussie kid and there is no way he could not eat a gummi bear long enough to foil a finger scanner.

      --
      http://michaelsmith.id.au
    7. Re:Next up... by SharpFang · · Score: 5, Insightful

      There's one, worse problem. Compromised credentials can't be changed. Only revoked. So someone somehow acquired your retina scan... sorry, Your credentials as compromised have been revoked, you're fired, come back when you get new retinas.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    8. Re:Next up... by phillips321 · · Score: 5, Funny

      You could change identities whenever you please.

      Finally my dream of becoming a 10year old choir boy is getting ever closer :-)

    9. Re:Next up... by ciderbrew · · Score: 5, Insightful

      I don't worry about the average person. It's the above average and people with an imagination that really work the system.

  2. Re:Matt? "Present Miss" by wrook · · Score: 5, Insightful

    Actually, it's even easier than this. At the school I work for the teachers know what the students look like and what their names are. If one of the seats in the classroom is empty, usually it means a student is missing. If another student tries to impersonate someone you can tell by looking at them. So far this system is working pretty well. I'm pretty sure it's cheaper than a fingerprint scanner too.