Slashdot Mirror

← Back to Stories (view on slashdot.org)

Doctors Bypass Biometric Scanners With Fake Fingers

Posted by Soulskill on from the no-technology-can-trump-laziness dept.

jfruh writes "At a Brazilian hospital, doctors were required to check in with a fingerprint scanner to show that they've showed up for work. Naturally, they developed a system to bypass this requirement, creating fake fingers so that they could cover for one another when they took unauthorized time off. Another good example of how supposedly foolproof security tech can in fact be fooled pretty easily."

6 of 139 comments (clear)

  1. Biometrics are not secrets. by Anonymous Coward · · Score: 5, Insightful

    All the security experts who think that biometrics are the end-all-be-all of security are mistaken. Biometrics are not secrets, so once one knows your biometric id, they can impersonate you and you can't change your password!

    1. Re:Biometrics are not secrets. by Anonymous Coward · · Score: 5, Insightful

      So how would using a password-based system prevent the doctors from sharing their passwords with each other and continue slacking off?

      That's a social problem. There is no technological solution. I repeat, technology cannot solve every problem. How do you solve this problem? Check once and a while. The guys daughter was listed as being there every day for three years and never worked a single day. The people who just trusted a glorified punch card machine instead of once verifying it in person should be fired too.

    2. Re:Biometrics are not secrets. by swillden · · Score: 4, Insightful

      Biometrics are good for two categories of applications: Super high security, James Bond type stuff, and casual semi-security, where you want something to keep out the lazy but don't care that much. In between, they're broken.

      They work great in high-security applications when you have a controlled environment, which generally means an attended environment -- a guard is standing there very carefully watching the scanning process, and the scanners and all of the support systems are tightly secured.

      And they're fine in circumstances where you don't care very much.

      In between, biometrics are not secrets, and the fact that some scanner reported an image which appears to match means very little.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  2. Re:Retina Scanners... by ShanghaiBill · · Score: 4, Insightful

    Probably would have held out longer.

    A fingerprint scanner with a pulse detector (which many have) would have been fine too. Any security system can be bypassed with enough effort, so you need to consider what you are trying to protect, and make sure bypassing security is more trouble than it is worth. A doctor who wants an extra day off will obviously make a fake finger, but may not go to the trouble of making a pulse generator.

  3. Re:"supposedly foolproof security tech" by ackthpt · · Score: 4, Insightful

    Let's face it, nothing will ever be secure as long as people are involved.

    Time to start getting rid of them. ;)

    --

    A feeling of having made the same mistake before: Deja Foobar
  4. Re:What? by DMUTPeregrine · · Score: 4, Insightful

    NO!

    Biometrics aren't a replacement for passwords, they're a replacement for USERNAMES. They provide a "something you have" factor to authentication, there still needs to be a "something you know."

    Like usernames they aren't secret. They don't need to be secret, and they can be copied without ruining the security of the system. They don't need to be changed, and are unique to each user. Biometrics are great when used as usernames, and a security nightmare waiting to happen when used as a password.

    --
    Not a sentence!