Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Fingerprint Stickers Let You Access a Protected Phone While Wearing Gloves (gizmodo.com)

Posted by BeauHD on from the ordinarily-extraordinary dept.

A new Kickstarter campaign aims to sell you fingerprint stickers that, when applied to a pair of gloves, allow you to unlock a mobile device that's protected with a fingerprint scanner. The sticker is powered by Nanotips and is "made with an extremely adhesive conductive material that can be applied to any surface for touch capability." Gizmodo reports: You can of course still access a fingerprint-secured smartphone using regular touchscreen-friendly gloves by simply punching in your passcode on-screen, but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside? We shouldn't, and these Taps stickers will allow you to use your mobile device's touchscreen and fingerprint reader, for unlocking your phone or making a purchase, even while your actual fingers (and fingerprints) are being kept warm and toasty inside a glove. After applying a textured stick to the tip of your glove, you just have to register it as an approved fingerprint using your smartphone's security settings. You might assume this would mean that anyone with a Taps sticker on their gloves could access anyone else's protected phone. But according to its creators, using nanoparticle technology every single Taps sticker has an individual and unique artificial print ensuring that only your gloves can access your device. That being said, there is still the risk of someone stealing your gloves, which is easier than stealing your fingerprints, so you'll have to weigh the security risks introduced versus the added convenience these offer.

18 of 74 comments (clear)

  1. pick one: convenience, privacy by fahrbot-bot · · Score: 4, Insightful

    You can of course still access a fingerprint-secured smartphone using regular touchscreen-friendly gloves by simply punching in your passcode on-screen, but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside?

    Because this: Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones

    Using a pass code is protected by the Fifth Amendment, using a fingerprint is not.

    --
    It must have been something you assimilated. . . .
    1. Re: pick one: convenience, privacy by justcauseisjustthat · · Score: 4, Interesting

      Every time I get pulled over or whatever, I force reboot my phone to require passcode.

    2. Re: pick one: convenience, privacy by mysidia · · Score: 3, Funny

      Every time I get pulled over or whatever, I force reboot my phone to require passcode.

      I'm guessing there's probably an App for that to add an "I've been pulled over" button to the lock screen for forcing a reboot.

    3. Re: pick one: convenience, privacy by dotancohen · · Score: 2

      Because this: Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones

      Using a pass code is protected by the Fifth Amendment, using a fingerprint is not.

      Why not use the 'sticker' part of the glove _instead_ of one of your actual fingers? Then you could visibly try every finger and plausibly deny that the phone is yours.

      --
      It is dangerous to be right when the government is wrong.
    4. Re: pick one: convenience, privacy by murdocj · · Score: 4, Funny

      Just how often do you get pulled over?

    5. Re: pick one: convenience, privacy by Big+Hairy+Ian · · Score: 2

      Never did get why the FBI took Apple to court when they could have just taken the IPhone to the morgue.

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    6. Re: pick one: convenience, privacy by myowntrueself · · Score: 3, Insightful

      Just how often do you get pulled over?

      They may be African-American and it could be a daily occurrence.

      --
      In the free world the media isn't government run; the government is media run.
    7. Re: pick one: convenience, privacy by Ol+Olsoc · · Score: 3, Informative

      Or, they could just take the data out of the phone, put it into a special OS shell that doesn't have the lockout feature, and rip through all 10000 four digit codes in the time wasted between keystrokes in this reply.

      Or, or, and or. I'd be the last person to argue for or against any so called security features on a phone. I do not consider anything about a phone to be secure at all ever. So if I were to be doing something illegal, I sure as hell wouldn't put it on my phone.

      The whole thing is people demanding an inherently non-secure device to be secure. It's like buying a billboard, putting something classified on it, or kiddie porn, and demanding that people not see what is on it because you demand your right to privacy.

      It simply is not secure.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  2. Key chain finger by not_surt · · Score: 2

    What would be really handy is a simulated finger I can keep on my key chain.

    1. Re:Key chain finger by Anonymous Coward · · Score: 3, Funny

      When he said he was giving you the finger, it meant something else entirely.

  3. Re:Fingerprint stealing made easy by flyingfsck · · Score: 2

    You already leave your fingerprints everywhere you go, including all over your phone. So using a print scanner only inconveniences an honest user and does nothing to stop a determined criminal.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  4. commentsubject by Falos · · Score: 2

    >A new Kickstarter campaign
    Stopped reading here. A new record.

  5. unique by ChoGGi · · Score: 2

    I'm sure they're made them unique, but is it unique for touch devices or just in the lab?

    "there is still the risk of someone stealing your gloves, which is easier than stealing your fingerprints"
    I think I pay less attention to where my finger prints are left compared to a pair of gloves.

  6. Knows nose by cwatts · · Score: 4, Interesting

    In cold weather I register the end of my nose as a fingerprint. It works! And the feds will never figure it out, they can try all my fingers and still not get in.

    If you want to keep finger functionality, use your imagination- the back of a knuckle or the side of a thumb are just as unique as a fingerprint, and work just as well.

    Unlocking ones phone with one's nose will occasionally be met with wisecracks- trying to operate a phone with a nose will probably get you beaten up or arrested. So be careful :)

    cw

    --
    chris watts íë¦ìS ì(TM)ì
    1. Re:Knows nose by ledow · · Score: 3, Interesting

      It just makes me question the uniqueness being measured (we know fingerprints are "unique" enough for convictions, but if your nose passes muster to a fingerprint reader as a valid fingerprint, surely it's not measuring that much uniqueness in the first place?). Noses just don't have unique, large, raised, patterning like fingerprints do. You can SEE and FEEL fingerprints, that's how large the features are. You can't see much difference between one squished nose and another.

      All this tells me is that fingerprint readers on smartphones are naff toys. And I don't for a second buy the "it depends on the glove used" tripe either.

      I looked into a fingerprint reader that schools were using for access. It turns out to be a scanner. With some Linux tools and jiggery-pokery you can pull out a black-and-white scanned TIFF from the sensor, which just feeds it into software which does the "uniqueness" bit (finding edges and comparing corner points, mostly).

      So I printed out the TIFF, swiped that, and it accepted it. I'm sure they've come on leaps and bounds since, but they are still susecptible to the same old attacks. You don't need to find "a finger that's correct", just a sufficiently convincing model of that finger. That can be anything from a flat piece of paper, to a PCB-etched one, to some gummi bears moulded from that. But still, outside of humongously expensive things, nothing really that good at detecting fakes.

      The heartbeat sensor in my phone uses the colour of the skin to measure heartrate "accurately enough". It's literally just a colour sensor, like a scanner, with sufficient red illumination to make your pulse "visible". That could easily form another part of a smartphone fingerprint sensor. And would STILL be just as susceptible to, say, a smartphone display showing the fingerprint and red-pulse that it expects.

      It's the analogue hole all over again. If you can copy the data stream sufficiently, you don't need the original any more.

      And that just makes fingerprints worthless.

  7. Re:Fingerprint stealing made easy by Anonymous Coward · · Score: 2, Insightful

    Don't get a glove with YOUR fingerprint. My phone can accept multiple fingerprints, the glove can be a new one. If I lose the glove, I reset the fingerprints to mine without the glove.

    --XYZZY--

  8. Re:Fingerprint stealing made easy by Coisiche · · Score: 2

    Probably don't have to steal them. I reckon gloves must be among the most misplaced or lost items in places where winter is cold enough to require wearing them. Of course finding gloves with attached fingerprint sticker doesn't help link them to an owner and a device to unlock, but it does give you a fingerprint to leave around somewhere to say, mess up a crime scene investigation. Has a cast-iron alibi ever been overturned in court because of fingerprint evidence?

  9. Would you print your PIN on your gloves? by kbdd · · Score: 2

    That has to be the stupidest idea I have heard of in a while.