Subverting Fingerprinting

kdawson posted more than 4 years ago | from the on-a-stalk dept.

Privacy 169

squizzar writes in with news of a 27-year-old Chinese woman who was discovered to have had her fingerprints surgically swapped between hands in order to fool Japanese immigration. "It is Japan's first case of alleged biometric fraud, but police believe the practice may be widespread. ... The apparent ability of illegal migration networks to break through hi-tech controls suggests that other countries who fingerprint visitors could be equally vulnerable — not least the United States, according to BBC Asia analyst Andre Vornic." Time for some biometric escalation. Could iris scans be subverted as easily?


GLORIOUS NIPPON (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30360250)

Can't blame her for wanting to live in Japan.

Skip the prints and the eyes (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30360256)

Brainwave scans are the way to go.

Re:Skip the prints and the eyes (1)

Kratisto (1080113) | more than 4 years ago | (#30360554)

What good will that be to the government?

Re:Skip the prints and the eyes (2, Funny)

Anonymous Coward | more than 4 years ago | (#30361282)

Yea but that won't work on Americans.

Shodan's retinal scanners can always be fooled (2, Funny)

Anonymous Coward | more than 4 years ago | (#30360258)

if you carry around a handy severed head.

Re:Shodan's retinal scanners can always be fooled (5, Funny)

Ethanol-fueled (1125189) | more than 4 years ago | (#30360286)

This [pinballrebel.com] method is much more compact.

Re:Shodan's retinal scanners can always be fooled (0)

Anonymous Coward | more than 4 years ago | (#30361160)

This [pinballrebel.com] method is much more compact.

Kind of puts me in the mood for a popsicle though. =\

Watching 'Bladerunner' too many times? (2, Interesting)

ColdWetDog (752185) | more than 4 years ago | (#30360280)

The tech for swapping fingerprints apparently exists. I don't know anybody swapping out eyeballs.

However, the open question that TFA brings up is whether or not you can skin graft somebody else's fingerprints onto you (or vice versa). You can do allograft skin grafts, at least temporarily, so it's feasible.

Re:Watching 'Bladerunner' too many times? (4, Interesting)

MichaelSmith (789609) | more than 4 years ago | (#30360360)

Or how about just carving a custom print into the finger. Maybe something like the laser surgery they do on corneas or tattoos.

Re:Watching 'Bladerunner' too many times? (3, Insightful)

HTH NE1 (675604) | more than 4 years ago | (#30360430)

The tech for swapping fingerprints apparently exists.

The tech for swapping fingerprint cards has existed even longer. Sometimes it's the people taking the prints that swap them for you.

Re:Watching 'Bladerunner' too many times? (0)

Anonymous Coward | more than 4 years ago | (#30360514)

The fear of rejection would probably be too high of a risk for most plastic surgeons to take the job. Also the costs of prescriptions, surgery, to subdue antibodies and $$$ convincing someone to do this with you, or... I suppose acquiring a set of fingers off the black market hehehe, would make it a costly endeavor.

Re:Watching 'Bladerunner' too many times? (1)

lobiusmoop (305328) | more than 4 years ago | (#30360582)

I think you might be thinking about 'Minority Report' instead of 'Blade Runner' in terms of retinal scanning.

Re:Watching 'Bladerunner' too many times? (1)

digitalunity (19107) | more than 4 years ago | (#30361054)

I've read several enlightening stories on the web in years past saying eyeball transplants are not far off. Apparently new eyeballs, some stem cells and time can allow the brain to recognize and rewire itself for the eyes of another.

Sounds really creepy, unless you're a blind man.

Re:Watching 'Bladerunner' too many times? (1)

MrNaz (730548) | more than 4 years ago | (#30361328)

BS.
The optic nerve is the most complex neural pathway in the body after the spine. We're closer to a working release of Duke Nukem Forever than we are to eyeball transplants.

Re:Watching 'Bladerunner' too many times? (1)

drijen (919269) | more than 4 years ago | (#30360922)

I recall reading about a number of the Mobster era convicts, (Alvin Karpis, in particular, IIRC), that would:

Restrict blood flow to their finger tips
Shoot the ends up with cocaine
Shave off the fingerprints with a knife

Voila, no more prints.

Re:Watching 'Bladerunner' too many times? (1)

digitalunity (19107) | more than 4 years ago | (#30361062)

None of those really subvert fingerprint scanning. It just invalidates the results. The police are highly likely to notice your lack of prints.

A transplant moving your finger pads around though will let you through as unidentified. A far more valuable thing.

Re:Watching 'Bladerunner' too many times? (1, Interesting)

meerling (1487879) | more than 4 years ago | (#30361426)

Having missing or 'weak' fingerprints is enough to get arrested.
There are several cases of this in the USA in the last few years.

So far they've all ended up being attributed to disease or professions that have the side effect of diminishing or eliminating fingerprints.

Having a lack of fingerprints is not illegal, but the cops' excuses have always been, "If'n ya ain't got dem fingerprints, ya must be upz ta no good...".
(Extreme hick accent intended for purposes of parody.)

Re:Watching 'Bladerunner' too many times? (1)

martas (1439879) | more than 4 years ago | (#30361180)

Forget Blade Runner, this article reminds me of Minority Report so much that it's a little creepy...

Re:Watching 'Bladerunner' too many times? (1)

srothroc (733160) | more than 4 years ago | (#30361456)

Why swap out the eyeballs? Couldn't you get contacts that would change your irises?

Re:Watching 'Bladerunner' too many times? (0)

Anonymous Coward | more than 4 years ago | (#30361524)

No, but a contact lens might do the trick... might be a little more practical than swapping out an eyeball as well.

more on topic than xkcd ! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30360296)

more on topic than xkcd !
http://comicjk.com/comic.php/306

What a security vulnerability! (2, Insightful)

Logic Worshipper (1518487) | more than 4 years ago | (#30360306)

This is only a security threat if someone removes my finger and grafts it to someone else's hand so they can get my data. So my data is only as secure as the skin on my finger. I'm so scared. The likelihood of someone stealing my finger to get data is really high. Worse, they'll steal my eyeball to fake an iris scan. Maybe soon they'll just steal my brain and remove the passwords I have memorized. I'm sure in all those scenarios what I'll be thinking is "OMG, My Data!"

Re:What a security vulnerability! (2, Insightful)

EdZ (755139) | more than 4 years ago | (#30360416)

Or simply take your fingerprint from an object you've held, print it out on an inkjet or laser printer, and stick the printout on the reader. Instant identity theft, no finger transplant required.

Re:What a security vulnerability! (1)

Fluffeh (1273756) | more than 4 years ago | (#30360860)

You forgot to supplement and emphasize your post with a WHOOSHing sound as it passed over the GP head.

Re:What a security vulnerability! (1)

Sam36 (1065410) | more than 4 years ago | (#30361662)

First one must pull finger out of rear-end

Re:What a security vulnerability! (2, Informative)

Anonymous Coward | more than 4 years ago | (#30361838)

Well, I'd get in trouble for this if I didn't post anonymously....

I work for a Fingerprint Sensor manufacturer. There are roughly two of those for current laptops (Authentec and Upek), with several other up-and-comers (Validity, Egistech), and a legion of failed manufacturers.

The ability to spoof a fingerprint sensor using a printed fingerprint is highly dependent on the specific technology used. As I remember the Mythbusters episode, they used an optical placement fingerprint sensor (glass plate that you put your finger down on, and hold it still). You won't find those in any current laptop designs - they cost too much money, and they are susceptible to easy spoofing. Microsoft currently sells an add-on optical placement fingerprint sensor.

Current FPS technology for laptops is a swipe sensor - a small rectangle that you place your finger on, then swipe. The technologies involved in acquiring the fingerprint are sufficiently different between manufacturers that, without testing, it's hard to say which sensors will be susceptible to a paper spoof and which won't, which will be susceptible to a Gummi Bear spoof and which won't.

In general, I'm sure you'd find that current sensors are far less susceptible to spoofed fingerprints than sensors just a few years ago. But, I'm also sure that you'd find some current sensors that were easily spoofed.

Re:What a security vulnerability! (1)

biryokumaru (822262) | more than 4 years ago | (#30360838)

Actually, I've heard stories of rich folk in Central America who get car jacked, but have biometric locks, so the carjackers cut off their fingers.

It happens.

Re:What a security vulnerability! (1)

LordLimecat (1103839) | more than 4 years ago | (#30361846)

That wasn't Central America, it was (IIRC) Indonesia.

Gives a new meaning to... (2, Funny)

Nefarious Wheel (628136) | more than 4 years ago | (#30361014)

I'm sure in all those scenarios what I'll be thinking is "OMG, My Data!"

Gives a new meaning to the term "thumb drive".

Woah (1)

Idiomatick (976696) | more than 4 years ago | (#30360310)

That is really excessive. You can melt your fingerprints off with battery acid ... or like any harsh chemical. Surgically swapping them sounds way harder @_@

Re:Woah (1)

T Murphy (1054674) | more than 4 years ago | (#30360502)

You'd draw less suspicion if you change your fingerprints rather than just get rid of them entirely.

Re:Woah (1)

LandGator (625199) | more than 4 years ago | (#30360522)

Fresh pineapple juice does the trick. Makes your fingers taste better, too.

Re:Woah (0)

girlintraining (1395911) | more than 4 years ago | (#30360560)

A lack of fingerprints would be noticed. The mafia did this for awhile by burning their fingerprints off with a hot iron so as not to leave them behind at the crime scene. The FBI later discovered that as fingerprints are based on deeper layers of the skin than what's on the surface, even a person who had done this still left a distinctive mark that could be identified -- although it was more difficult.

It would be a lot easier to use a clear plastic covering (the "silly putty finger" school of thought) or skin grown in a petri dish over a composite material with a different imprint and then grafting it over your skin -- such temporary grafts survive a limited period of time before corroding. Essentially, you make thin slits in existing tissue and then 'stitch' the graft in. Remember that the graft only has to survive for a day. Micro-perforations would make it a minimally-invasive procedure, with little scarring once the grafts have deteriorated.

Re:Woah (4, Informative)

Idiomatick (976696) | more than 4 years ago | (#30360688)

According to mythbusters you could get past most scanners with a photocopy of someone else's fingers :P

Re:Woah (5, Funny)

cgenman (325138) | more than 4 years ago | (#30361362)

True story:

I worked at a video game developer once who had biometric finger scanners to clock in and out, but required you to type in your employee number first.

"If it has my fingerprint, shouldn't it know my employee number?"

So I started playing with it. I started with the same finger on the same hand. It took it. Then a different finger on the same hand. Yup. It took a different finger on a different hand. And then we got creative.

Someone Else's finger? Check. Elbow? Check. Toe? Check. Tongue? Check.

In fact, we finally found the limit of the system. It took a warm hot dog pressed up against the fingerprint scanner, but not a cold one. A lot of my faith in fingerprint biometrics was shattered then and there. I since dated someone who had a fingerprint scanner on her computer, though that only seemed to let me through wrongly some of the time.

Another thing we learned? Co-workers don't appreciate it when you lick the thumb scanner that everyone has to clock in with.

Re:Woah (2, Informative)

vxice (1690200) | more than 4 years ago | (#30361756)

That was likely a low-tech scanner. Just because it says it scans for fingerprints doesn't mean it really does, and just like in any other field you get what you pay for. I work on biometrics projects at my school and one of the labs I used to work in had a hand geometry scanner, made a dozen or so measurements of the length and such of fingers, one of the older and less secure methods. It required an id number because while unlike fingerprint hand geometry is good for a one to any search. Meaning that it will only confirm an id because mostly the accuracy is so low compared to what it would need to determine different people without combining other security vectors. Just keep in mind not all scanners are created equal and not all modalities, different biometric paths such as fingerprint, iris and many others, are equal, and they can be easily combined to increase security in a similar way multiple passwords add security, and it needs to be tailored to the application just like any other security approach. And just like all other methods of security it is a cat and mouse game.

Did she fool anyone, though? (4, Insightful)

AnotherUsername (966110) | more than 4 years ago | (#30360324)

From TFA:

Japanese newspapers said police had noticed that Ms Lin's fingers had unnatural scars when she was arrested last month for allegedly faking a marriage to a Japanese man.

Seems like until they can get rid of the circular scars around their fingertips, they aren't going to fool anyone. From now on, when officials notice circular scars or other shaped scars around fingertips, they will probably have the person undergo further testing.

As far as iris switching...I don't think so. I have a feeling that the permanent blindness that likely follows (though I am not an ophthalmologist, so I can't be sure as to what is possible) will override any benefits that come from the short term gains of biometrics trickery.

Re:Did she fool anyone, though? (0)

Anonymous Coward | more than 4 years ago | (#30360366)

As far as iris switching...I don't think so. I have a feeling that the permanent blindness that likely follows (though I am not an ophthalmologist, so I can't be sure as to what is possible) will override any benefits that come from the short term gains of biometrics trickery.

What if you're blind to begin with?

Re:Did she fool anyone, though? (1)

martas (1439879) | more than 4 years ago | (#30361190)

Oh my god, this could lead to the formation of entire blind terrorist networks! They could be ANYWHERE!

Re:Did she fool anyone, though? (1)

Falconhell (1289630) | more than 4 years ago | (#30361702)

I've always thought there was something suspicious about Stevie Wonder.

Re:Did she fool anyone, though? (4, Insightful)

Jah-Wren Ryel (80510) | more than 4 years ago | (#30360584)

From now on, when officials notice circular scars or other shaped scars around fingertips, they will probably have the person undergo further testing.

However, their cost to check has now gone up by at least 2x, maybe even 10x - they need to manually inspect every person (you can't just check the negatives because if the faker happens to have passed through successfully in the past their 'new' prints will already be in the database).

And this is only one attack vector. We've already seen the Korean woman [crunchgear.com] last year who used a practical application of the gummy bear [theregister.co.uk] trick to fool the Japanese too.

The thing to remember is that these systems will only get less effective as time goes by. All the hype when proposed about how great they are, for whatever intended purpose, represents the best they will ever be - the more familiarity people get with the systems, the more ways people will figure out how to circumvent them.

Kinda warms my freedom loving heart it does.

Re:Did she fool anyone, though? (1)

AdmiralXyz (1378985) | more than 4 years ago | (#30360728)

However, their cost to check has now gone up by at least 2x, maybe even 10x - they need to manually inspect every person (you can't just check the negatives because if the faker happens to have passed through successfully in the past their 'new' prints will already be in the database).

Not really. Japan prints every foreigner that passes into the country anyway, I don't think a manual inspection before they make you put your fingers on the pad would add that much time to the process.

Re:Did she fool anyone, though? (2, Interesting)

putaro (235078) | more than 4 years ago | (#30361074)

It does add up. And some people have scars on their fingers for non-nefarious purposes. The tip of one of my thumbs was cut off in an accident and then sewn back on. I fly in and out of Japan all the time. All I need is more Mickey Mouse at immigration.

Re:Did she fool anyone, though? (2, Interesting)

Hoi Polloi (522990) | more than 4 years ago | (#30361400)

I had psoriasis when I was fingerprinted for a DOD lab job. My fingerprints were temporarily gone and all I had was thick smooth skin on my fingertips. I even told them I had no prints and they didn't care. My print cards looked like heel prints, they wouldn't match my hands today at all.

I also had a hard time holding onto things with smooth fingertips.

Re:Did she fool anyone, though? (1)

Burning1 (204959) | more than 4 years ago | (#30360888)

Re:Did she fool anyone, though? (1)

swb (14022) | more than 4 years ago | (#30361294)

My first thought. Their methods & technique were crude, but with practice and probably some refinement it could probably be made turnkey for anyone who could make chocolate chip cookies from the recipe on the chip bag.

Re:Did she fool anyone, though? (4, Funny)

MillionthMonkey (240664) | more than 4 years ago | (#30361722)

A guy at work was always talking about using gummy bears to commit the perfect crime. You somehow make a mold of someone's fingerprint using that gummy bear material. Then you use it on a fingerprint scanner, which gets fooled by it, and it lets you in. Then, get this- you eat the gummy bear fingerprint mold, and permanently destroy the evidence of your intrusion.

That always struck me as a little improbable. You mean you're just going to eat that thing right after you pressed it against a disgusting fingerprint scanner?

Re:Did she fool anyone, though? (1)

Idiomatick (976696) | more than 4 years ago | (#30360690)

I'm not sure how you expect 'person goes by unnoticed' to make the news....

Both hands (1)

Dan East (318230) | more than 4 years ago | (#30360328)

Fingerprint both hands. With digital scanning it's not that big of a deal.

Re:Both hands (1)

Raptoer (984438) | more than 4 years ago | (#30360714)

Systems probably don't do comparisons between different fingers; if you don't know which finger it is, yes it should. But comparing a finger known to be the left thumb against another finger known to be the right thumb? Or even worse, they switch the prints on the middle 3 fingers and swap them around from index to ring finger or something. The computing time for a problem like that goes up 10x if you have to compare each incoming print against all fingerprints on a person.
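The trade-off raised in the comment above, as an added example that is not part of the original thread or of any real border system: a toy screening check that compares ten presented prints against an earlier enrolment record slot by slot (10 comparisons) and across all slots (100 comparisons), and flags enrolled prints that turn up on a different finger. The templates, the similarity score, the threshold and the slot names are all constructed for illustration.

```python
from itertools import product

# Ten enrolment slots, left hand then right hand (names are constructed).
FINGERS = ["thumb", "index", "middle", "ring", "little"]
SLOTS = [f"{side}-{f}" for side in ("L", "R") for f in FINGERS]
THRESHOLD = 0.6  # constructed match threshold for the toy score below


def make_template(finger_no, size=40):
    """Constructed stand-in for a minutiae template: a set of feature ids."""
    return frozenset(range(finger_no * 100, finger_no * 100 + size))


def enrol(base):
    """Enrolment record for one person: one template per slot."""
    return {slot: make_template(base + i) for i, slot in enumerate(SLOTS)}


def capture(template, noise_id):
    """Simulate a fresh scan: every 8th feature is lost, 3 spurious appear."""
    kept = {f for i, f in enumerate(sorted(template)) if i % 8}
    spurious = {9000 + noise_id * 10 + k for k in range(3)}
    return frozenset(kept | spurious)


def present(person, placement):
    """Prints read at the desk. placement[slot] names the enrolled finger
    whose skin now sits on that slot (identity mapping = untouched hands)."""
    return {slot: capture(person[placement[slot]], i)
            for i, slot in enumerate(SLOTS)}


def similarity(a, b):
    """Jaccard overlap of two feature sets (toy score, not a real matcher)."""
    return len(a & b) / len(a | b)


def screen(probe, enrolled):
    """Compare a probe against one enrolment record both ways."""
    slotwise = [s for s in SLOTS
                if similarity(probe[s], enrolled[s]) >= THRESHOLD]
    cross = [(p, e) for p, e in product(SLOTS, SLOTS)
             if similarity(probe[p], enrolled[e]) >= THRESHOLD]
    # An enrolled print matching on a different slot means skin was moved.
    relocated = [(p, e) for p, e in cross if p != e]
    if relocated:
        verdict = "ALERT"
    elif slotwise:
        verdict = "KNOWN"
    else:
        verdict = "NO MATCH"
    return {"slotwise_hits": len(slotwise), "relocated": relocated,
            "comparisons": {"slotwise": len(SLOTS), "cross": len(SLOTS) ** 2},
            "verdict": verdict}


def demo():
    record = enrol(0)      # record enrolled on an earlier visit (constructed)
    stranger = enrol(10)   # unrelated person, never enrolled

    same = {s: s for s in SLOTS}
    # Every print moved to the same finger of the other hand.
    hands_swapped = {s: ("R" if s[0] == "L" else "L") + s[1:] for s in SLOTS}
    # Only two of the middle fingers of the left hand exchanged.
    partial = dict(same, **{"L-index": "L-ring", "L-ring": "L-index"})

    return {
        "returning": screen(present(record, same), record),
        "hands_swapped": screen(present(record, hands_swapped), record),
        "partial_swap": screen(present(record, partial), record),
        "stranger": screen(present(stranger, same), record),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["verdict"], result["slotwise_hits"],
              len(result["relocated"]), result["comparisons"])
```

With slot-by-slot comparison alone, the fully swapped hands score zero hits and look the same as the stranger; only the cross-slot pass separates the two, at ten times the comparison count per enrolment record.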

long term identity subversion prevention (3, Insightful)

drDugan (219551) | more than 4 years ago | (#30360332)

The only real identity that is immune from subversion is consistent, community agreement.

What I mean by this is that every piece of data measured can be faked, copied, or altered in the database against which the measurement is checked. DNA can be planted, id cards will be sold on black markets and faked, biometrics can be later changed or forged. The measured data in the database against which identity is checked can be altered - *all* the technology-based methods for ID have vectors of attack.

What cannot be faked is what one's peers and friends agree upon regarding who an individual really is, and that the human in question really is the person they agree it is. If all the friends and neighbors agree you really are Bob, then you're Bob regardless of what you do, or what data is stored in electronic systems. This is an unwieldy (nearly impossible) metric for access to a bar, authentication for into services, permission to drive, or asserting your ID at the bank to get your money. However, at its heart, community consistency could be the unalterable root from which all the other identification methods would rely upon. Basically one can create all kinds of electronic, physical, and technology based systems that will need to get reset when they are faked or forged or incorrect. To rely on other electronic systems for that reset is flawed and misses the essential nature of how people understand and use interpersonal identity.

Re:long term identity subversion prevention (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30360486)

Not true, I've seen a case where a person built up multiple fake identities over a number of years in small country towns by visiting once a week as Bob in town one and Dave in town two etc. When it came for the ‘community’ to verify his identity as part of an ID application process the people had known Bob/Dave for a number of years and he was granted numerous IDs. It only got found out when they ran a facial recognition match over the system. It was a lot of work on his part but beats the community component.

Re:long term identity subversion prevention (0)

Anonymous Coward | more than 4 years ago | (#30360498)

and suppose I leave my community to go walkabout?

Honestly, if you want all your "friends and neighbors agree you really are Bob, then you're Bob regardless of what you do, etc.", you could also argue that if a group of people argue that black is white and white is black, that should be so. There are many examples of rule by mass that doesn't end up well, sometimes it must be best to follow your own gut, at least you won't have your conscience on you afterward.

Re:long term identity subversion prevention (3, Funny)

girlintraining (1395911) | more than 4 years ago | (#30360510)

To rely on other electronic systems for that reset is flawed and misses the essential nature of how people understand and use interpersonal identity.

Not everyone likes their friends, family, coworkers, or neighbors. Some people have jobs that are highly mobile. Some people prefer not having attachments to others. There are individuals that don't have a community identity of any kind. Should a person be denied access to those resources simply on the basis that they have no friends?

Officer: "Well your honor, he hadn't committed any crimes but we noticed that he had no friends."

Judge: "Good enough for me! Anyone who has no friends is clearly a threat to society. Book 'em danno."

Officer: "Uh, yes sir. Who's Danno?"

Judge: "Nevermind, son. It was before your time."

Re:long term identity subversion prevention (0)

Anonymous Coward | more than 4 years ago | (#30360650)

Highly mobile? TPM chip implant into the femur. Value not observable unless directly connected via a surgical procedure. Used as an authenticator-of-last-resort for your government issue ID card.

Re:long term identity subversion prevention (2, Insightful)

sjames (1099) | more than 4 years ago | (#30361300)

At one time, that was sort of the final safety valve. If worst came to worst, a person could start over with a more or less fictional history and be judged from that point forward only.

While that can be misused, there can also be legitimate uses. We as a society seem to be racing headlong the other direction. Get caught peeing on a dumpster and you might get a scarlet letter for life.

Re:long term identity subversion prevention (1)

MarkvW (1037596) | more than 4 years ago | (#30360646)

I dunno . . . ever seen the movie "The Return of Martin Guerre?"

Re:long term identity subversion prevention (3, Insightful)

Jahava (946858) | more than 4 years ago | (#30360656)

What cannot be faked is what one's peers and friends agree upon regarding who an individual really is, and that the human in question really is the person they agree it is. If all the friends and neighbors agree you really are Bob, then you're Bob regardless of what you do, or what data is stored in electronic systems. This is an unwieldy (nearly impossible) metric for access to a bar, authentication for into services, permission to drive, or asserting your ID at the bank to get your money. However, at its heart, community consistency could be the unalterable root from which all the other identification methods would rely upon. Basically one can create all kinds of electronic, physical, and technology based systems that will need to get reset when they are faked or forged or incorrect. To rely on other electronic systems for that reset is flawed and misses the essential nature of how people understand and use interpersonal identity.

I disagree. Community relationships can be forged just as easily (if not easier) than biometrics in every sense.
First, you have to ask yourself "which community?" With modern transportation, Bob's community could easily span his state. With modern communication, Bob's community could span the entire world. Concepts of traditional associations and communities are in a state of constant flux. To Bob's closest friends, he may be a blob of text. It's entirely possible that Bob goes throughout life without anybody ever truly knowing him. And even if he develops close relationships, they may be difficult to extract and correlate enough to develop any serious sense of him. Just go read an obituary ... those are a person's closest contacts giving their most sincere impressions of that person. Do you feel like you really know him after reading one? Is it really likely that they do?
Then, you have to ask yourself "what consistency?" To his World of Warcraft pals he may be a secret agent astronaut millionaire [toynk.com]. To his Facebook friends, he may seem a fun, insightful guy who loves to play sports. To his parents, whom he visits on holidays, he might be a successful banker. To his landlord, he might be a deadbeat who lost his banking job in the recession. All of these personas are maintainable and verifiable in the context of his community relationships.
So bring forgery into account. Online, forgery is easy, as long as there's internal consistency with his community. In person is more difficult, but there are physical look-alikes and actors who could pull it off. Someone claiming to be Bob could completely redefine his community impression with enough determination. Point is, someone can easily pretend to be Bob, with or without his blessing, in any of his community relationships if they devote enough time and circumstance works in their favor.
So what really is a person's identity? It's not community relationships any more than it's biometrics. All of those are third-person impressions of an organism, and they only certify identity through temporal and physical correlation of their data. The only physical identity that is Bob is his brain, which (for now) cannot be duplicated and (spiritually) will never be (if that's the kind of thing you believe in). Even then, Bob can change in an instant with brain trauma ... a complete rewiring! ... but it's still Bob, from society's (and the law's) point of view.
His identity is not absolutely verifiable for the same reason it's unique ... it resides in a medium that is neither fully understood nor fully expressible. For all practical purposes, Bob will remain the sum of his parts, both socially and biometrically. Our ability to gauge Bob, like our ability to impersonate him, is based squarely on our perceptive capabilities and our time investment, and biometrics (especially retinal scans and DNA prototyping) are pretty damned capable.

Re:long term identity subversion prevention (0)

Anonymous Coward | more than 4 years ago | (#30361802)

To summarize:
Bob is Fred.
Both are trapped in an introspective hell.

Re:long term identity subversion prevention (1)

shentino (1139071) | more than 4 years ago | (#30360988)

Which works just fine up until the point that everyone is bribed to say something.

Or maybe Bob just did something so apparently horrible that everyone decides to lynch him by refusing to vouch for him.

Only a matter of time... (1)

DaRanged (735002) | more than 4 years ago | (#30360340)

Brings a whole new meaning to the word hacking. But in truth, how long will it be until <favourite biometric bodypart> can be swapped replaced 'a la' Minority Report?

As all kinds of technology improve, cheapen, become more accessible, so do the means to subvert them.

Really.... (1)

Darkness404 (1287218) | more than 4 years ago | (#30360352)

Really, fingerprinting is based on the belief that no two people have identical fingerprints, furthermore, most commercial/personal scanners are going to have a degree of forgiveness, after all, you don't want to be locked out of your laptop for having a dirty hand or something. Fingerprints are not secure, they can be manipulated, changed, altered, etc. A fingerprint is nothing more than a key.

Re:Really.... (2, Insightful)

Jezza (39441) | more than 4 years ago | (#30360620)

"The Myth of Fingerprints" - Paul Simon, right? As far as I understand it they only use a few "distinguishing features" anyway - and they allow for damage to those (like a cut). However, the point is that it's hard to predict what will "fool the scanner" and what won't. If you don't know which "distinguishing features" it's looking for what do you change? Even harder is to get the scanner to give a false hit on someone else's finger print data (so you can pretend to be them).

As evidence at a crime scene I think finger prints are far more suspect than they might at first appear.

Re:Really.... (1)

NotQuiteReal (608241) | more than 4 years ago | (#30361596)

I think you are saying it is easier not to be "you" than it is to be somebody else... seems reasonable to me. We can all change, if we want to.

Why would she do that? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30360362)

The thing they never talk about in these stories is what would drive someone to go to such lengths? There's rarely even a single quote from the person arrested, and yet the police can say whatever they like. What does that say about a society?

Re:Why would she do that? (1)

MichaelSmith (789609) | more than 4 years ago | (#30360432)

Well okay but you could spend all century talking about Bad Shit in China which the people there want to get away from.

Re:Why would she do that? (0)

Anonymous Coward | more than 4 years ago | (#30360450)

What does that say about a society?

That the lies criminals tell aren't all that interesting?

Scanners (1, Interesting)

girlintraining (1395911) | more than 4 years ago | (#30360370)

The problem isn't technology in this case, but rather bad assumptions made by the designers and users. What you're doing when you use a biometric scanner is (most often) taking a reading and converting that into a hash. And for any given hash, there will be at least one pattern that will resolve for that hash, possibly several or many. It's the same with DNA -- we can't sequence and compare a person's entire DNA, but we know certain parts of certain genes exhibit a high degree of variability, and so we sequence those and use them for comparison.

In this case, an assumption was made that fingerprints don't change on a person. Well, using lasers and surgical techniques, they can be changed, and therefore the system can be bypassed -- not because the technology is flawed, but the assumptions made about its use were. Now that this technique has been observed, we need to add another step to the identification process: Looking for scars on the fingers that suggest surgical techniques have been applied. The fingers should be carefully inspected before fingerprinting anyway -- to identify other forms of fraud as well.

Of course, there's still the human variable: Immigration necessarily requires hundreds to hundreds of thousands of personnel to administrate the rules. And the system is only as strong as the weakest link -- or the weakest person. There will always be people that can be bribed or manipulated -- or just plain lazy, and those weaknesses can be exploited. And truthfully, it'd probably be cheaper.

As long as the government walls off access to goods and services by attempting to uniquely identify people, there'll be a market for false identification. Is the price point their system has set too low?

Re:Scanners (1)

misexistentialist (1537887) | more than 4 years ago | (#30361762)

we need to add another step to the identification process: Looking for scars on the fingers that suggest surgical techniques have been applied.

Although consigning some thousands of people with accidental scars on their fingers to official non-existence is insignificant, it would seem more convenient for everyone just to tag the populace with more durable and difficult to counterfeit implanted microchips.

What about the disabled? (1)

Psaakyrn (838406) | more than 4 years ago | (#30360396)

Wouldn't fingerprinting fail spectacularly on people with no fingers? (e.g. Darth Vader, Luke Skywalker (for one hand), etc...)

Re:What about the disabled? (1)

MichaelSmith (789609) | more than 4 years ago | (#30360480)

I am not sure Japan is actively trying to keep Darth Vader and Luke Skywalker out of the country.

But as to your point: yes I suppose so. Techniques like this which work on 99% of the population free up resources to manually check the remaining 1%.

Re:What about the disabled? (3, Funny)

abigor (540274) | more than 4 years ago | (#30360680)

Yes, Darth Vader has been able to slip undetected into numerous Western democracies for this very reason.

Re:What about the disabled? (2, Funny)

sincewhen (640526) | more than 4 years ago | (#30360874)

"Yes, I have changed my fingerprints. Pray that I don't alter them further!"

Re:What about the disabled? (1)

Falconhell (1289630) | more than 4 years ago | (#30361734)

Yeh, that Dick Cheney disguise is a ripper!

Re:What about the disabled? (1)

sqlrob (173498) | more than 4 years ago | (#30361764)

He even got a job at CNN

FBI fighting this since the 1930's (5, Informative)

Somegeek (624100) | more than 4 years ago | (#30360410)

"other countries who fingerprint visitors could be equally vulnerable — not least the United States", according to BBC Asia analyst Andre Vornic.

Vornic needs to do some research. Criminals in the US have been attempting to surgically alter or mask their fingerprints since at least the 1930s, and the FBI has been researching the techniques since then as well. I remember reading about this in a book from the 60's, where a counterfeiter surgically swapped his prints around, and the FBI recognized them, out of order, and matched them back up with the original fingers.

Still the same fingerprints...? (2, Interesting)

TangoMargarine (1617195) | more than 4 years ago | (#30360518)

So the only way this person's surgery is actually worth anything is if fingerprint scans care which hand the prints are on? I would think that if you switched your hands' fingerprints, you'd still have the same prints, which could be picked up easily enough as long as the scan tests the prints against your right and left hands both.

Not to mention, as I'm sure someone has by now, they would probably notice the scars. I would think it would be more worth it to get someone else's fingerprints, if you could.

Re:Still the same fingerprints...? (1)

icegreentea (974342) | more than 4 years ago | (#30361468)

Think about it. If you have big noticeable scars... don't you think that would affect the scan?
Also, I think they only transplanted part of each fingerprint around. So you would get a transplanted section in the middle of your finger or something. That would make detection harder.

Re:Still the same fingerprints...? (1)

izomiac (815208) | more than 4 years ago | (#30361752)

I would think it would be more worth it to get someone else's fingerprints, if you could.

Swapping one's own finger pads is bound to be painful and you'd lose your sense of touch for quite a while (perhaps some of it permanently). Grafting on someone else's would mean that you'd need to take immunosuppressants to make rejection less likely. Taking those drugs is better than dying, but they're certainly no walk in the park, and expensive to boot. You'd basically be sacrificing years of your life and the health of your remaining years. I could see a suicide bomber doing it in a heartbeat, but not someone trying to fool immigration.

Never Say Never Again (1)

mederjo (899667) | more than 4 years ago | (#30360570)

The movie "Never Say Never Again" clearly illustrated the shortcomings of iris scanning. That was back in the '80s. Pretty easy to fake the US President's iris and get the live warheads to replace the dummy ones. If USAF measures can be circumvented so easily then how can ordinary immigration officials deal with it?

I suppose there's an outside chance it could have all been fictional I guess. With all this reality TV it's so hard to tell what's real these days...

Re:Never Say Never Again (0)

Anonymous Coward | more than 4 years ago | (#30360630)

The movie "Never Say Never Again" clearly illustrated the shortcomings of iris scanning. That was back in the '80s...

Wrong! "Never Say Never Again" clearly illustrated the shortcomings of _retina_ scanning!

Re:Never Say Never Again (1)

lobiusmoop (305328) | more than 4 years ago | (#30361016)

It's another Bond film - 'Diamonds are Forever' - that has the fake fingerprint tech [jamesbondmm.co.uk] in it.

Re:Never Say Never Again (1)

AnotherUsername (966110) | more than 4 years ago | (#30360940)

When it comes to reality tv, I think it is safe to say that it is all fiction.

Life imitates art (1)

inviolet (797804) | more than 4 years ago | (#30360670)

So I gather it's time to upgrade our biometric identification to the new "colonic map" technology?

Fraud? (3, Interesting)

maxume (22995) | more than 4 years ago | (#30360692)

Is it really fraud? Is there some promise that everyone has made to never make alterations to their bodies?

(I think it's dumb, but I don't see how it is fraud, she didn't actually impersonate anyone or anything)

Re:Fraud? (0)

Anonymous Coward | more than 4 years ago | (#30360902)

If she hadn't you would think that her passport would have been as incriminating as her fingerprints. Then again, most police departments around the world suck at sharing data except when it has some use in the harming of innocent citizens.

Re:Fraud? (1)

nedlohs (1335013) | more than 4 years ago | (#30360928)

Note the word "alleged". They are accusing her of doing it in order to illegally enter the country.

She obviously did impersonate someone, well at least claim to be someone who possibly doesn't exist at all, since otherwise she wouldn't be in the country.

It seems pretty cut and dry since she would also have had to use false information on the parts of the immigration form asking things like "what is your name?", "have you ever been deported?", and so on.

Re:Fraud? (1)

aukset (889860) | more than 4 years ago | (#30361252)

It's not illegal to copy/forge a signature either, unless the purpose is to impersonate or defraud. It's called intent. It will likely be more difficult to prove intent than to prove the act itself, however. It is like the difference between copying someone's signature on a blank sheet of paper versus doing so on a check.

Yuo 7ail i7? (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30360848)

No matter how server crashes incompatibilities shower Don't just Lube. This can lead users', BigAzz, the goodwil7 too many rules and Posts. Therefore

Re:Yuo 7ail i7? (1)

martas (1439879) | more than 4 years ago | (#30361232)

probably, but also conscience to railway hence buttsex could instead contribute to global warming. Since

What about publishing them openly? (4, Interesting)

Richard_J_N (631241) | more than 4 years ago | (#30360994)

How about a public (anonymised) repository of fingerprints. The idea is this: I can't change my prints, nor can I get back control once the government has taken them. But I could publish them to the world. That makes the print very easy for anyone else to fake. In other words, plausible deniability.

Re:What about publishing them openly? (1)

syousef (465911) | more than 4 years ago | (#30361728)

How about a public (anonymised) repository of fingerprints. The idea is this: I can't change my prints, nor can I get back control once the government has taken them. But I could publish them to the world. That makes the print very easy for anyone else to fake. In other words, plausible deniability.

Your plausible deniability just landed you in jail for aiding terrorists. Please try again later.

Bottle Cap Technique (1)

BountyX (1227176) | more than 4 years ago | (#30361072)

Very easy to fake a print using the bottle cap technique [ehow.com]. Surgical alteration seems a bit overkill to me.

That's gotta hurt... (1)

Trip6 (1184883) | more than 4 years ago | (#30361206)

...cutting off one's fingerprints and swapping them between hands? OUCH!!! And there's more nerves there than anywhere else in the body.

do77 (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30361286)

then JorD4n Hubbard

The obvious answer? (1)

Concerned Onlooker (473481) | more than 4 years ago | (#30361406)

I would have thought the answer to subverting retinal scans would have been suggested by the original story: Just cross your eyes.

This will be quite e (1, Informative)

Anonymous Coward | more than 4 years ago | (#30361412)

Hi There,

I work for a company that has designed and implemented fingerprint bordergate security for many countries. This may include the country in mention.

This problem will be quite easily overcome. As processing power increases, it will be increasingly easy to search more combinations of captured fingerprints against prints stored on a database. For instance, at this time there is no need to search somebody's right thumb against all of the left thumbs stored in the database. This is for obvious reasons. The fingerprints that are captured in a process as described in the article are not hashed together or in any other way combined, they are simply searched individually against prints stored on a database for the given finger position.

The solution is to simply search each fingerprint against (at least) the fingerprint stored for the opposing hand. You could also search against the entire database. This is similar to the process used when lifting a fingerprint from a crime scene, in which case the finger of origin is often unknown.

So, the solution will be quite simple, and will simply require more processing power for the search. More money to the vendors.
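The position-locked search described in the comment above, next to the opposite-hand and all-position searches it proposes, as an added sketch that is not part of the comment or any vendor's code. The templates, the toy Jaccard matcher, the 0.5 threshold, the watchlist size and every name here are constructed assumptions.

```python
import random

# All templates below are constructed sample data, not real biometric records.
POSITIONS = [f"{hand}_{finger}" for hand in ("L", "R")
             for finger in ("thumb", "index", "middle", "ring", "little")]

def make_template(rng, n=30):
    """Constructed stand-in for a minutiae template: (x, y, ridge angle) points."""
    return frozenset((rng.randrange(256), rng.randrange(256), rng.randrange(8))
                     for _ in range(n))

def recapture(rng, template, keep=0.8):
    """Simulate a fresh scan that misses a fixed share of the minutiae."""
    return frozenset(rng.sample(sorted(template), int(len(template) * keep)))

def score(a, b):
    """Toy similarity (Jaccard overlap); a real matcher is far more involved."""
    return len(a & b) / len(a | b)

def opposite(pos):
    """Map a slot such as 'L_index' to the same finger on the other hand."""
    return ("R" if pos[0] == "L" else "L") + pos[1:]

def search(probe, watchlist, candidates_for, threshold=0.5):
    """Return (hits, comparisons); candidates_for(pos) lists enrolled slots to try."""
    hits, comparisons = [], 0
    for subject, enrolled in watchlist.items():
        for pos, captured in probe.items():
            for slot in candidates_for(pos):
                comparisons += 1
                if score(captured, enrolled[slot]) >= threshold:
                    # slot != pos: the print is on the wrong finger, a cue for manual review.
                    hits.append((subject, pos, slot))
    return hits, comparisons

STRATEGIES = {
    "same_position": lambda pos: [pos],                      # position-locked search
    "plus_opposite_hand": lambda pos: [pos, opposite(pos)],  # the proposed fix
    "all_positions": lambda pos: POSITIONS,                  # crime-scene style search
}

def demo(seed=1):
    rng = random.Random(seed)
    watchlist = {f"subject-{i}": {p: make_template(rng) for p in POSITIONS}
                 for i in range(20)}
    enrolled = watchlist["subject-7"]
    # Two-finger capture in which each pad now sits on the opposite hand.
    probe = {p: recapture(rng, enrolled[opposite(p)]) for p in ("L_index", "R_index")}
    return {name: search(probe, watchlist, fn) for name, fn in STRATEGIES.items()}
```

For this constructed 20-subject list the comparison count goes from 40 to 80 to 400 across the three strategies, which is the extra processing cost the comment refers to.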

Easy enough... (1)

hyades1 (1149581) | more than 4 years ago | (#30361442)

If your only objective was to stop your retinal scan from being successfully compared to one on record, I'd think a little mild laser surgery would solve the problem.

Subverting iris scans (1)

dido (9125) | more than 4 years ago | (#30361652)

Hello, Mr. Yukamoto, and welcome back to the GAP!

Time for some biometric escalation. (1, Funny)

Anonymous Coward | more than 4 years ago | (#30361834)

Hear, hear, I am eagerly waiting for my rectal probe at every immigration process...no jokes about my orientation, please.
