Police 3D-Printed A Murder Victim's Finger To Unlock His Phone (theverge.com)

← Back to Stories (view on slashdot.org)

Police 3D-Printed A Murder Victim's Finger To Unlock His Phone (theverge.com)

Posted by BeauHD on Thursday July 21, 2016 @09:20AM from the false-identity dept.

An anonymous reader quotes a report from The Verge: Police in Michigan have a new tool for unlocking phones: 3D printing. According to a new report from Flash Forward creator Rose Eveleth, law enforcement officers approached professors at the University of Michigan earlier this year to reproduce a murder victim's fingerprint from a prerecorded scan. Once created, the 3D model would be used to create a false fingerprint, which could be used to unlock the phone. Because the investigation is ongoing, details are limited, and it's unclear whether the technique will be successful. Still, it's similar to techniques researchers have used in the past to re-create working fingerprint molds from scanned images, often in coordination with law enforcement. This may be the first confirmed case of police using the technique to unlock a phone in an active investigation. Apple has recently changed the way iOS manages fingerprint logins. You are now required to input an additional passcode if your phone hasn't been touched for eight hours and the passcode hasn't been entered in the past six days.

26 of 97 comments (clear)

Min score:

Reason:

Sort:

So... by DougOtto · 2016-07-21 09:22 · Score: 4, Funny

The scientists are giving them the finger?

--
Solving Unix problems since 1989...
1. Re:So... by Frosty+Piss · 2016-07-21 09:38 · Score: 2
  
  The scientists are giving them the finger?
  Pretty much giving the finger to privacy...
  
  And Jain said he was happy to help when they got in touch: "We do it for the fun."
  
  --
  If you want news from today, you have to come back tomorrow.
2. Re:So... by idontgno · 2016-07-21 09:56 · Score: 2, Funny
  
  Wat.
  3d-printed plastic fingers are... alive?
  O_o
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
3. Re:So... by narcc · 2016-07-21 10:10 · Score: 2
  
  Capacitive touch (the metal ring around the iPhone's home button) only works if you are alive [...] Capacitive touch detects micro-electric currents that flow through your body
  No.
  The very first line from your own link:
  
  In electrical engineering, capacitive sensing (sometimes capacitance) is a technology, based on capacitive coupling, that can detect and measure anything that is conductive or has a dielectric different from air.
  
  --
  Required reading for internet skeptics
4. Re:So... by Wycliffe · 2016-07-21 10:15 · Score: 4, Insightful
  
  It's a cool use of 3D Printing; but couldn't just putting the victim's finger on the phone work?
  If you would have read the article, it states that the body was too decayed. Another possibly scenario would be where the body hasn't been found yet and they find the phone in the victim's apartment, along side the road, etc... There are plenty of situations where you might have a prerecorded fingerprint but not a body.
  Oh, and call me cynical but my guess is that one of the reasons it's being tried in this case is to set a precedence in a "safe" case so they can later use it against living people with a search warrant.
5. Re:So... by JohnFen · 2016-07-21 10:22 · Score: 2
  
  Capacitive touch (the metal ring around the iPhone's home button) only works if you are alive.
  This is not true. It only works for materials that are suitably capacitive. There are lots of alternatives that work aside from living flesh.
6. Re:So... by Darinbob · 2016-07-21 14:24 · Score: 2
  
  Beware the long finger of the law!
So much for biometrics being more "Secure" by PinkyGigglebrain · 2016-07-21 09:25 · Score: 5, Insightful

How long till they use 3D printing or such to replicate someones face or retina scan?
One more reason for me to never use or trust bio-metric authentication.
And now I have something I can point to and say "See?" when someone tries to convince me how great Bio-metrics are.
1. Re:So much for biometrics being more "Secure" by JustAnotherOldGuy · 2016-07-21 10:12 · Score: 4, Interesting
  
  The only biometric signature hardware that I've seen that I would consider seriously difficult to spoof would be the deep-vein reader:
  http://www.fujitsu.com/us/solu...
  http://www.m2sys.com/palm-vein...
  They use "Palm Vein Authentication" and this seems like it would be really, really tough to trick. I think it would be very hard to recreate the sensor signature, probably harder than a retinal scan.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
2. Re:So much for biometrics being more "Secure" by Aighearach · 2016-07-21 10:14 · Score: 3, Insightful
  
  The good news is that this might mean it is better for the thieves to just scan your finger, instead of needing to cut it off. They'll get one that doesn't need refrigeration that way. Unfortunately, this can only be done with fancy custom academic prototype 3d printing, not off-the-shelf models, so for now the answer for thieves of biometric-protected items is still to cut the finger off and apply an electric current.
  My solution is simpler: I don't put anything on a mobile device that needs strong protection. Just because it is possible to bank from a phone app doesn't automatically mean there is a great use case for it. Internet banking from a physically secure desktop computer seems like a much better setup to me. But I've had that since the 90s.
  If I really, really wanted to check my balance from my phone, I could actually just call the 800-number and have a computer read it to me. And it is much safer, because I can't do transactions that way; only check the balance.
Here's the interesting part... by Frosty+Piss · 2016-07-21 09:32 · Score: 4, Interesting

Here's the interesting part...

A 3D printed finger alone often canâ(TM)t unlock a phone these days. Most fingerprint readers used on phones are capacitive, which means they rely on the closing of tiny electrical circuits to work. The ridges of your fingers cause some of these circuits to come in contact with each other, generating an image of the fingerprint. Skin is conductive enough to close these circuits, but the normal 3D printing plastic isnâ(TM)t, so Arora coated the 3D printed fingers in a thin layer of metallic particles so that the fingerprint scanner can read them.

--
If you want news from today, you have to come back tomorrow.
Way to shoot yourself in the foot, LEOs by Anonymous Coward · 2016-07-21 09:36 · Score: 4, Insightful

This is a logical enough move, though I'm pretty sure you can do it without an actual 3d printer. We already know that fingerprints can be duplicated with very little effort indeed. But the problem for our esteemed LEO bunch here is that LEOs are now admitting this reality. And that brings up important sticky sticking points.
For, if they start to routinely duplicate fingerprints, what value do fingerprints found on the scene retain?
Also, now it turns out they're sitting on gigantic databases of other people's access keys, in the form of earlier taken fingerprints. You can trust them with that, can't you? They're totally trustable, right?
1. Re:Way to shoot yourself in the foot, LEOs by Aighearach · 2016-07-21 10:23 · Score: 3, Insightful
  
  Also, now it turns out they're sitting on gigantic databases of other people's access keys, in the form of earlier taken fingerprints. You can trust them with that, can't you? They're totally trustable, right?
  That's the real kicker. They don't even need a new scan. Even if you're not paranoid about the police directly, the identity thieves have already proven that they have an easy time planting people on the inside of government agencies that have access to identity data, like the DMV. And the amount of drugs that are smuggled into prisons shows that criminal elements have fully penetrated the prison guards. So there is already black market access to this information. You can't just avoid new scans to avoid it.
  It isn't viable to protect the secrecy of your fingerprints, so it isn't viable as an authentication mechanism. The main thing you can do to protect yourself is not to rely on authentication mechanisms; don't think that putting your fingerprint into your phone lock screen means that it is safe to store secrets (like banking access) on a phone. Don't think that having a fingerprint scanner on a door means that nefarious persons can't enter through that door. Don't think that a fingerprint scanner on a car ignition will keep thieves from driving away in it. Etc.
Re:Why not use the real finger? by SuricouRaven · 2016-07-21 09:36 · Score: 2

It depends on the sensor. There are sensors available that can look for a pulse, appropriate temperature, even the presence of subcutaneous blood vessels imaged in the infrared. But those are expensive and bulky sensors, and not the sort you find on phones, which are comparatively crude devices.
So even without the conductive layer . . . by mmell · 2016-07-21 10:06 · Score: 5, Insightful

the police can put my fingerprint anywhere they want? Conceivably to be "found" later on and used as evidence against me?
Prosecutor: "Can you explain how your fingerprints came to be on the murder weapon?"
Defendant: "I don't know. I never touched it. Never seen it before. Maybe the police put it there? Since we know they can, experience has shown that they will."
1. Re:So even without the conductive layer . . . by trout007 · 2016-07-21 11:29 · Score: 2
  
  The judge will most likely not allow the jury to hear that.
  
  --
  I love Jesus, except for his foreign policy.
Technically legal by WillAffleckUW · 2016-07-21 10:19 · Score: 3, Insightful

Live people have far more privacy protections than dead people do.

--
-- Tigger warning: This post may contain tiggers! --
Re:If I'm found murdered... by smooth+wombat · 2016-07-21 10:23 · Score: 2

Don't be a criminal or get murdered and you won't have an issue.

--
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
usual police incompetence by ooloorie · 2016-07-21 12:49 · Score: 3, Informative

You don't need to 3D print a finger to fabricate a fingerprint, a simple laser printer is enough:
http://www.instructables.com/i...
Re:If I'm found murdered... by JohnFen · 2016-07-21 16:49 · Score: 2

I wish that I were nearly as confident of that as you.
Re:If I'm found murdered... by JohnFen · 2016-07-21 16:54 · Score: 2

Once I'm dead, one of two things will happen. I will either no longer exist and therefore wouldn't care about my privacy anymore, or I will live on in some mystical realm and wouldn't care about my corporeal privacy anymore.
Either way, privacy would be the last thing on my mind.
You know what? Fuck this. by xrayspx · 2016-07-21 16:58 · Score: 2

My phone dies with me. I'm sure many of my accounts die with me. I spend enough of my time keeping anyone, cops, bad guys, whoever, anyone, from reading my stuff. If they're going to /copy biometrics/ just to get access to some moron who kills me? No. I'm dead, doesn't matter anymore. Just leave me alone in death in the way you wouldn't in life.

I guess I'm glad everything's password and I have a really, really good memory and very fast fingers.

--
I like music
bloody stupid by samantha · 2016-07-21 20:49 · Score: 2

There is no way to spoof a fingerprint sensor with a 3D printer. It would take extremely precise printing, far better than any 3D printer the local cops are like to have and a very precise fingerprint. And a sensor that has no ability to note discrepancy with living tissue. So I am claiming complete bullshit pretense of far more powers than cops have.
Heck, I have to recalibrate my iThing fingerprint patterns every month or so to get it to recognize the real thing.
1. Re:bloody stupid by crtreece · 2016-07-22 01:21 · Score: 2
  
  Busted
  
  --
  file: .signature not found
Re:If I'm found murdered... by Diss+Champ · 2016-07-21 23:52 · Score: 2

You obviously haven't watched enough silly TV, or you'd realize the third option is that you will haunt your phone until someone does a documentary about it.
Original gummy fingerprint tests beat most scanner by Antique+Geekmeister · 2016-07-22 00:46 · Score: 3, Informative

The original presentation on beating fingerprint sensors with ordinary laser printer printed copies of fingerprinters, laid on gelatin, published in 2002, is available at:
http://web.mit.edu/6.857/OldSt...
It's quite a good presentation, and was verified by MythBusters in 2011.
https://www.youtube.com/watch?...
Mythbusters even demonstrated that simply printing a fingerprint on paper, and _licking the paper_, created a fake fingerprint good enough to defeat most sensors. There's little reason to think that the commercial fingerprint sensors have gotten any better, though I'd welcome a modern retest with modern cell phone and computer keyboard based sensors.
Basically, the "fuzziness" of fingerprint sensors which allows to identify real fingers with real sensors is enough "fuziiness" to allow them to be beaten with even casually made fake fingerprints. I've seen no good evidence that the necessarysensor and computational "fuzziness" has ever been worked around with even the most expensive modern sensors: I'd welcome any evidence with honestly done tests showing otherwise.