Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Aussie Kids Foil Finger Scanner With Gummi Bears

samzenpus posted more than 3 years ago | from the gummi-security dept.

Security 303

mask.of.sanity writes "An Australian high school has installed 'secure' fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance. The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatin, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatin has virtually the same capacitance as a finger's skin."

cancel ×

303 comments

Sorry! There are no comments related to the filter you selected.

Next up... (5, Insightful)

Moryath (553296) | more than 3 years ago | (#34046512)

I can just see it now. Next they come up with one to detect "body heat" in the finger.

And the kids circumvent it by keeping the gummy bears in their pockets on the way to class.

Once again, a "foolproof" system proves to be only as useful as the fool who invented it.

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34046524)

What are, in your opinion, some good biometric tests to prevent fraud?

Re:Next up... (5, Insightful)

Moryath (553296) | more than 3 years ago | (#34046638)

There really aren't.

As far as the human body goes, there are only a few things that are really "constant." Exposure to allergens or illness change the voice enough that it will fail vocal characteristic matching. Taking biometric readouts of a facial structure fails the moment someone has a serious traffic accident, gets any sort of illness that causes facial swelling, or simply grows out their facial hair.

Fingerprints? I think we've done that one pretty much to death.

The best suited is probably retinal or iris scanning, but even those have issues. Retinal scanning fails on any number of degenerative disorders affecting the blood flow, like diabetes and glaucoma. It also fails to properly record and identify on people with moderate to severe cataracts and astigmatism. There are also some pretty hefty privacy issues with retinal scanning, since it can be used to diagnose a number of diseases and conditions - AIDS, syphilis, a number of other STD's, malaria, chicken pox, hereditary diseases like lymphoma and anemia, and even pregnancy.

Iris scanning will fail to recognize due to tinted glasses or cosmetic contact lenses, and it'd be pretty easy to spoof them with a contact lens "printed" to someone else's pattern that is opaque around the ~750nm wave band that most NIR (Near Infrared) scanners use - and the reason they predominantly use NIR is that if you don't pick that specific band, light reflections from the cornea throw enough noise into your scan image to make it virtually unusable. For the really cheap-ass iris scanners, a suitable high-quality picture of someone's eye may even be sufficient to spoof.

And of course, both retinal and iris scanners will fail out if they don't have an incredibly controlled environment - stick a retinal or iris scanner in an area with bright sunlight or inconsistent lighting, and you may as well just chuck the thing out the window, because iris contractions to open/close the pupil will make your scan worthless.

Of course, you could put a hooded structure that people have to stick their eyeball on to look into in order to get scanned. That'll last all of about 2 days before some prankster gets the idea to smear some india ink or something else around the edge of the eyeball viewer...

Re:Next up... (3, Insightful)

russ1337 (938915) | more than 3 years ago | (#34046734)

so RFID under the skin it is then....

Re:Next up... (5, Insightful)

The Hatchet (1766306) | more than 3 years ago | (#34046784)

Easy, just scan people as they walk by, record their numbers and get yourself an adjustable implant. You could change identities whenever you please. That is probably the easiest to spoof of all.

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34046902)

They would need a challenge-response verification type for RFID. Never give up your secret.

Re:Next up... (5, Funny)

phillips321 (955784) | more than 3 years ago | (#34046990)

You could change identities whenever you please.

Finally my dream of becoming a 10year old choir boy is getting ever closer :-)

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34047008)

So you want to sue the local priest, mate?

Re:Next up... (4, Informative)

chrb (1083577) | more than 3 years ago | (#34047016)

Easy, just scan people as they walk by, record their numbers and get yourself an adjustable implant. You could change identities whenever you please. That is probably the easiest to spoof of all.

Zero-knowledge password proof [wikipedia.org] . We've had the technology for several decades to implement systems where mutual authentication can take place without exposing private keys or passwords.

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34046818)

IRIS Scan detects AIDS? Well damn it, that is a feature, not an issue for schools :)

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34046970)

They make finger/hand scanners that scan the veins within your fingers, it would still fail due to degenerative disorder, or loss of hands. However, if one was parted with their fingers, it would take skill to recreate the same environment as your body, as you would have to recreate the low pressure of the veins.

Re:Next up... (3, Interesting)

chrb (1083577) | more than 3 years ago | (#34046996)

There really aren't.

Human beings manage to identify each other pretty well based on previous knowledge, often only visual information. As technology advances the technology to uniquely identify people will become more accurate. And more importantly - and a fact that a lot of people miss - the system doesn't need to be perfect, it only needs to be more accurate than the system that it replaces. For example passports - a unique chip ID+personal knowledge+biometric is a more accurate form of authentication than a photograph and some minimum wage guy comparing it to the holder's face several thousand times a day. I can see why people find biology based authentication intrusive, and celebrate when it fails in situations like this, but it's a small victory in a rather irrelevant environment. The technology to uniquely identify and authenticate an individual is going to get better, and it is going to become harder for the average person to forge and use an alternative identity.

How about "education"? (4, Insightful)

Joce640k (829181) | more than 3 years ago | (#34047056)

If the problem with cards was that people were swiping their friend's cards, and the problem with fingerprints is that they're faking them, then the problem seems to be a social one.

As noted, there's no technical solution that will keep motivated teenagers at bay.

Re:How about "education"? (4, Insightful)

xaxa (988988) | more than 3 years ago | (#34047262)

If the problem with cards was that people were swiping their friend's cards, and the problem with fingerprints is that they're faking them, then the problem seems to be a social one.

As noted, there's no technical solution that will keep motivated teenagers at bay.

Yes there is -- at least, if your goal is that they be in class: have the teacher check who's there in the first minute of the lesson. Loads of schools in Britain use some kind of electronic system to do this (there are various manufacturers). Of course, it takes some time at the start of the lesson, so why not combine the two systems? Have the swipe card system, and then a message to tell the teacher "22 students have registered for this class". She can then verify this.

(I had a friend at a different school back in 2002 with the swipe card system. He made money by charging other students to swipe their cards before class. Many of these students could afford this since they were paid to go to school [wikipedia.org] .)

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34047192)

Of course, you could put a hooded structure that people have to stick their eyeball on to look into in order to get scanned. That'll last all of about 2 days before some prankster gets the idea to smear some india ink or something else around the edge of the eyeball viewer...

... or a "prankster" to install a laser capable of switching to a higher wattage when detecting a certain eyeball ...

Loosing a key-card in a malfunctioning device is one thing. Being able to loose parts of my body because of such a malfunctioning (for whatever reason) device is a whole other ballpark. Especially when I really need them.

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34046660)

None, biometry for identification is based on an idea that we should all for some reason be unique. There is as far as I know nothing at all that prevents multiple persons from having identical dna-sequences or identical fingerprints.

The problem is that we have built systems that require us to identify people to prevent fraud. (No I do not have a better idea but I would prefer not to go down the route that requires us to put a barcode on all infants to make sure that they could be identified through life.)

Re:Next up... (5, Insightful)

Worthless_Comments (987427) | more than 3 years ago | (#34046684)

The teacher could actually, you know, take roll. I guess that would be too much work for a government employee though?

Re:Next up... (3, Funny)

Noitatsidem (1701520) | more than 3 years ago | (#34046830)

That would be way too much work. Y'know, where I live teachers have to take roll- And boy oh boy do they hate it. They have to actually get on the schools network, and then CHECK THE STUDENTS OFF! It's insane! I think we should move to DNA testing: Each child has to spit in a cup and give it to the DNA lab when they come in in the morning, and in good time we'll know for sure who's skipping. We should also hire an entire staff to do this, and to make sure each kid gets one cup, this will prevent kids from signing their friends in! This would solve the whole "too much work for a government employee" issue. (Wow, I'm genius.)

Re:Next up... (4, Insightful)

delinear (991444) | more than 3 years ago | (#34047030)

When I was at school there was no need to get on any network. In fact, only two rooms in the entire school had a connection to the network. The teachers had a printed sheet of what we used to call "paper", and they'd use an archaic device called a pen to tick off students in attendance. Of course, back then they also actually knew the students, which was a big help (after a couple of classes they could put names to faces and check off the register in silence while the students got on with some work). It seems schools are falling over themselves to find technical solutions to something that's been trivial to manage for years, I don't see the agenda, are schools subsidised by the companies who provide the technology and welcome real world trials or is it something else?

Re:Next up... (4, Insightful)

strack (1051390) | more than 3 years ago | (#34047118)

well, its a effective way to get everyones fingerprints on record, whether theyve commited a crime or not. its basically a way to sqeeze a great big brick over everyones privacy. and it also primes people to be more accepting of giving up biometric data for a government database.

Re:Next up... (1)

TubeSteak (669689) | more than 3 years ago | (#34046688)

What are, in your opinion, some good biometric tests to prevent fraud?

Scanning for fingerprints + capillaries.
The top end fingerprint scanners check for temperature, capacitance and then they take a multi-spectrum look deeper in order to snap a picture of your capillaries.

It's still fakeable, but you'd have to go to a lot more effort to make it work.

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34046704)

iris? hand geometry? veins in the hand?

the sky is the limit, as they say.

Re:Next up... (1)

The Hatchet (1766306) | more than 3 years ago | (#34046790)

Cut off their hands.

Re:Next up... (5, Insightful)

SharpFang (651121) | more than 3 years ago | (#34046886)

There's one, worse problem. Compromised credentials can't be changed. Only revoked. So someone somehow acquired your retina scan... sorry, Your credentials as compromised have been revoked, you're fired, come back when you get new retinas.

Re:Next up... (0)

Anonymous Coward | more than 3 years ago | (#34046568)

The traditional system only enabled the accomplished forger to circumvent it, the new system enables everyone to be an accomplished forger.

Isn't this the promise of technology?

Re:Next up... (4, Insightful)

interkin3tic (1469267) | more than 3 years ago | (#34046658)

I can just see it now. Next they come up with one to detect "body heat" in the finger.

Or they just try to ban gummi bears. If they're coming up with a stupid fingerprint scanner, these are obviously the typical school administrators, cut from the same cloth as those who gave their students laptops and didn't tell them they'd be watching them through the webcam at all times, adding to the contraband list is probably going to be their first reaction. Maybe if the ban fails miserably, they'll just tattoo barcodes onto their foreheads.

I suspect the public would not be so willing to accept encroaching police states and governments slowly taking away our rights if schools had to actually justify shit like this to the students.

Re:Next up... (5, Insightful)

choongiri (840652) | more than 3 years ago | (#34046682)

Whether it's technically possible to defeat the system isn't the issue. If you're trying to force kids' presence with technological measures rather than encourage leaning and enthusiasm socially, you're doing something wrong. Especially since this is talking about older kids. Try giving them something fun to do, instead of demanding they bio-retina-dna scan in after recess.

Re:Next up... (5, Funny)

davester666 (731373) | more than 3 years ago | (#34046764)

You mean like getting them to figure out how to defeat a high-tech security system using gummi bears?

It's fun and you can eat the evidence!

Re:Next up... (5, Funny)

MichaelSmith (789609) | more than 3 years ago | (#34046838)

My son is an Aussie kid and there is no way he could not eat a gummi bear long enough to foil a finger scanner.

Re:Next up... (4, Insightful)

delinear (991444) | more than 3 years ago | (#34047050)

You seriously do not want to eat a gummi bear that's touched the same scanner as a couple hundred teenagers - trust me, I used to be one, I know the kinds of things they touch. I wouldn't even want to touch that with my finger, let alone my food. On the plus side, at least when all the kids get sick because they're sharing around their diseases, at least they'll have a legitimate excuse to not be in class.

Re:Next up... (1)

martas (1439879) | more than 3 years ago | (#34046940)

actually, i remember a russian news story from many years back (5-6) about some dudes that designed a fingerprint scanner that detected blood flow in the finger, thus supposedly making sure that what's being scanned is actually a finger. as i recall, it was basically this thing you stuck your finger into, with some kind or radiation from above (IR, probably, though not sure), and sensors underneath, that detected heartbeat.

Re:Next up... (1)

tehdaemon (753808) | more than 3 years ago | (#34047042)

There is an Android app that uses the phone's camera to measure heartbeat. You put your fingertip up to the camera lens. It works fairly well.

T

Re:Next up... (3, Informative)

Joce640k (829181) | more than 3 years ago | (#34047064)

So... you do what Mythbusters did and make a thin gel fingerprint and stick it to your real finger. You'll have temperature, heartbeat, everything.

It's an unsupervised machine and input sensors can *always* be fooled. Period.

Re:Next up... (1)

delinear (991444) | more than 3 years ago | (#34047190)

If the gummi bear is stuck on the end of the finger, it sounds like this would still be sufficient to fool the scanner.

Re:Next up... (1)

Catmeat (20653) | more than 3 years ago | (#34047102)

Once again, a "foolproof" system proves to be only as useful as the fool who invented it.

There is a fool here, but not the inventor - from his or her PoV the system did exactly what it was supposed to do, it got sold. Though whether more will be sold after this story is another matter.

The security business isn't about providing solutions that work. It's about providing solutions that appear to work in promotional DVDs and glossy brochures, making it possible to persuade people in authority to write cheques.

Re:Next up... (1)

WidgetGuy (1233314) | more than 3 years ago | (#34047106)

Actually, my Toshiba laptop (now about five years old) came with a built-in fingerprint scanner that would not readily fall to the gummy bear attack since you must draw (drag) your finger across the scanner (not just place it on a scan pad). That would create an ... err ... "sticky" situation for those attempting to use gummy bears to log into my laptop.

I didn't RTFA, but the /. summary sounds a little fishy to me. If you press your finger into a gummy bear to make a copy of your fingerprint, then flip the bear over and present it to a scanner, you are presenting a mirror image for recognition.

For example, say a swirl on your finger tip is a U shape with the left arm of the U taking off at a greater angle than the right arm (sort of like the left arm of a V instead of a U). Flip that over (top stays top) and you have a U shape swirl with the right arm looking like the right arm of a V. In addition, your fingerprint is comprised of ridges. The copy on the gummy bear would be comprised of troughs. The scanner should be able to tell the difference.

So, could a mirror image comprised of troughs rather than ridges really work to fool a scan pad type fingerprint scanner? I kinda doubt it. Anyhow, if I were designing (or buying) such a scanner, I'd make damn sure it couldn't!

I also doubt whether a "two pass" gummy bear attack would work. In a two-pass attack, the attacker would press a human finger into the gelatin on the first gummy bear, thereby creating the mirror image. That gummy bear could then, theoretically, be pressed into a second gummy bear to create a mirror of the mirror, which would be what the scanner should be expecting. But, the result would probably not have sufficient resolution to be acceptable to the scanner because the print copy in the first gummy bear is represented by troughs, not ridges. While the second gummy bear would be comprised of ridges, to get anywhere near usable resolution, one would have to very carefully "melt" gummy bear two "into" gummy bear one, then cool (freeze?) and separate. Lots of work. Lots of hideously-deformed gummy bears scattered about the workbench. Much easier to take the truant's finger with you. They have very good results reattaching stuff like that these days (be sure to keep it on ice when not in use, though).

Returning to the Toshiba laptop... Until you get used to using it, a "drag over" type fingerprint scanner can be frustrating because it seems to reject on the slightest whim (dragged too short, dragged too fast). Eventually, I came up with a technique that gets it to work first time every time: I simply breath on my finger before drawing it over the scanner. This deposits a very thin coating of moisture on my finger which is just enough to slow my drag down to where I get a "good read" first time, every time.

When I initially trained the scanner to recognize my primary finger, I was encouraged (by the registration software) to register a second finger -- preferably on the other hand. Accidents do happen and some types of damage to your primary finger could make it impossible to use. The other hand is recommended because, statistically, people are less likely to sustain damage to both hands in a single accident (think table saw, chain saw, car door, et al.). But, this second finger can also be used as a "fallback" when your primary finger is rejected three times in a row. Guess which finger I picked? In the few instances when I've had to use my fallback finger over the years, the experience has been quite emotionally satisfying!

Disturbing photo (0)

Anonymous Coward | more than 3 years ago | (#34046518)

If that is an actual photo of an Australian kid's finger prints they have bigger issues than being absent. I've heard of kids chewing nails but Australian kids must chew off their whole finger tips. Creepy.

Re:Disturbing photo (1)

PatPending (953482) | more than 3 years ago | (#34046574)

No it's not. (WTF, /. editors?)

Re:Disturbing photo (1)

PatPending (953482) | more than 3 years ago | (#34046612)

Clarification: no it's not an actual photo of an Australian kid's finger prints. Still: WTF, /. editors?

I for one welcome our new Gummi Bear overlords! (1)

PatPending (953482) | more than 3 years ago | (#34046532)

My faith in this generation has been restored!

Now get off of my lawn.

Re:I for one welcome our new Gummi Bear overlords! (2, Funny)

n1hilist (997601) | more than 3 years ago | (#34046630)

>Now get off of my lawn.

okie dokie dukie :)

Re:I for one welcome our new Gummi Bear overlords! (2, Funny)

tehdaemon (753808) | more than 3 years ago | (#34047086)

Stop calling me dukie!

- Igthorn

Re:I for one welcome our new Gummi Bear overlords! (0)

Anonymous Coward | more than 3 years ago | (#34047114)

PatPending!

My hero!

The Future is Secure (4, Insightful)

lorelorn (869271) | more than 3 years ago | (#34046536)

Fuck, YES. I read the original story, about the school introducing this moronic system, and could only shake my head. Attempts at total control are generally the solution proffered by lazy bureaucrats as an alternative to them doing their jobs. Here’s an idea - instead of working out ways of forcing the kids into school and keeping them there - why not work to make it compelling for them to come to school in the first place. I know, hard, right? Idiots. However, the creative (dare I say scientific) solution employed, and so quickly makes me remotely proud of our clever children. It’s nice to see the kids are far more intelligent and creative than their so-called teachers. I will have somewhat less pride when they remotely drain my bank account and I am forced to live on cast off gummi bears, but hey.

The Future is FAR from Secure (2, Insightful)

sonamchauhan (587356) | more than 3 years ago | (#34046618)

I agree that its a stupid and lazy approach. But there is only so much you can do to "make it compelling" until reality sets in that discipline is necessary for children.

The oldest approach is still the best - have teachers (and not machines) who **recognize** kids conduct roll calls.

Re:The Future is FAR from Secure (3, Insightful)

The Hatchet (1766306) | more than 3 years ago | (#34046824)

Kids in some areas of the world willfully walk miles to school every day. Why? because they are learning. In America, our schools force our students to memorize arbitrary facts in arbitrary order with no regard to context or meaning. This is problematic because the brain is typically terrible at memorizing out of context, out of order, arbitrary information, we have a very small capacity for it. On the other hand, it is possible to cover several weeks of math in a single day, and the students will enjoy and remember it, it is is conceptual, in proper context, and useful. I learned partial fraction decomposition 4 years ago, and just learned a use for it today in differential equations. All you have to do to compel students to attend school is to teach them, instead of screaming at them to memorize totally pointless bullshit while eating shitty food, being told what they are allowed to say and where they have to be every minute of the day, even when they are allowed to go to the bathroom, and they can be arrested for being physically attacked. Of course truancy is a problem in this bullshit hell of a system.

Support real education reform. Well educated children don't need strict discipline, because they know better, they understand why it is bad to do X action. But if you just scream at them "OBEY ME OR SUFFER!" of course they are going to be angsty and rebellious. What an insensitive clod.

Re:The Future is FAR from Secure (4, Insightful)

cappp (1822388) | more than 3 years ago | (#34047002)

What? Kids willingly walk miles to school every day because it's drilled into their heads that the only way off the farm, out of the slums, or whatever their particular disadvantage happens to be, is through education. There's no magical inspirational African/South American/Chinese teaching model that somehow drives these kids out of their beds before dawn and across miles with hungry bellies and an urge to learn. Hell, most of those kids are walking miles to school every day to learn arbitrary information, out of order, and by rote. Teaching kids to be critical learners, to engage with knowledge? That's a privilege that's only found in the rich western educational model, certainly not in the shanty towns.

That being said, I understand your broader point and agree somewhat. Education has to be relevant, it should be interesting, and it shouldn't be one-size-fits-all. However, if we're honest we have to admit that that kind of system is expensive, demands teaching excellence, is hard to assess, and complicated to run. The US has over 60 million students in primary and secondary schools - that's an enormous population. There are a lot of problems with education in the west - most of them related to broader social issues like violence, poverty, ignorance et al - but it’s not nearly as bad as some of us seem to feel. There is a logic to a lot of the problems you’re complaining about and while matters could possibly be dealt with in better ways it’s going too far to claim the system itself is bullshit hell.

Re:The Future is FAR from Secure (1)

Y0tsuya (659802) | more than 3 years ago | (#34047010)

I came from a part of the world where kids willingly walk miles to school everyday and parents bankrupt themselves to pay the tuition. And I can tell you the curriculum is based almost entirely on rote memorization and constant testing. Why? So they can do well on entrance exams to elite high schools and colleges and then perhaps become part of the elite. While in school they had to put up with authoritarian discipline. If they don't like it well they're welcome to drop out and make way for others. Kids in America have it so good they don't care if they're pissing it all away.

Re:The Future is FAR from Secure (0)

Anonymous Coward | more than 3 years ago | (#34047172)

there is only so much you can do to "make it compelling" until reality sets in that discipline is necessary for children.

Is there? I bet we all had some teachers where we actually liked attending classes. There's a difference between a competent teacher who actually engages his pupils and one that hates his job and all those little "fuckwits" and just throws the mandatory curriculum at them.

Of course with declining pay, increasing stress and bullying because everybody blames them for the fuck-ups of the parents and their "precious little flowers", it's no wonder teaching quality declines. Who in their right mind would become a teacher if they had a choice?

But let's rather throw a few 100 billions at banks and take the last few petty millions the education system gets from them.

Re:The Future is Secure (0)

Anonymous Coward | more than 3 years ago | (#34046984)

Buncha goose-stepping Godwins running that school...

Re:The Future is Secure (0)

Anonymous Coward | more than 3 years ago | (#34047046)

You appear to have enough passion to make you the best person on the planet to make school attractive for kids. Go.

What happened to roll call? (1)

Joce640k (829181) | more than 3 years ago | (#34047074)

When I was at school we had to sit in a room and the teacher would read out a list of names and you had to say "here!".

human attendance control... (1)

dutchwhizzman (817898) | more than 3 years ago | (#34046556)

...is more expensive than a finger print scanner? Pay peanuts, get gummi bears.

Come on, dudes. (1)

Grapplebeam (1892878) | more than 3 years ago | (#34046576)

Not even slightly surprised this is coming from Australia. You guys really need to do something about reworking that government so the party that doesn't win anything also doesn't end up in power.

Those kids better watch out! (2, Funny)

n1hilist (997601) | more than 3 years ago | (#34046580)

Duke Igthorn is NOT going to be happy when he hears about this!

Misleading Title (4, Informative)

scdeimos (632778) | more than 3 years ago | (#34046582)

Nobody has actually foiled the high school fingerprint scanners yet, it's still only in the realm of (likely) possibility - especially after the kids see this story on /.

Re:Misleading Title (0)

Anonymous Coward | more than 3 years ago | (#34047070)

Nobody has been caught fooling the high school fingerprint scanners yet.

FTFY

Removing the human ... that's where the issue is (1)

Gopal.V (532678) | more than 3 years ago | (#34046588)

Biometric, swipe cards or any other method they use will have loopholes when left alone. All it needs is a single teacher to watch everyone put their fingers there. But if I were in school I'd hate that too (*mutters* "fucking attendance nazis").

In my old 2nd language class in school, we would all file in, sit down and the teacher would go through the list & call out the students she thinks is absent. But it was all on paper and there was no tallying done until the end of the term.

But I must applaud the school for making the kids work harder to break the system, that's a definite way to select intelligence for "coolness" :)

Re:Removing the human ... that's where the issue i (4, Interesting)

EdIII (1114411) | more than 3 years ago | (#34046804)

Quite a long time ago the school district I was in kept attendance records on a computer. The password was kept on a piece of paper in the secretary desk, but that didn't matter. They had a 2400 baud modem connected to a hard line that allowed access for all sorts of records to be shared. I guess they figured the security was knowing that magic 7 digit number written on the modem, and not believing for a second that any child could possibly get the idea to call it, let alone with their own modem, and never one that understood computers better than they did.

One of my first entrepreneurial ventures was attendance management services to other kids. In this system once you hit a certain level of tardiness, or missed classes, it triggered a physical letter to be sent to the parents. I could make sure that didn't happen. Was fairly profitable and this was back when "computers never lied" and hacking was not well understood by anybody, least of all school administrators.

I had to stop when it became obvious in some parent teacher conferences that some students had clearly been ditching a lot of classes according to the teachers, but the records on the computers no longer matched the written records of the teachers. Good thing I used the computer lab and my own modem otherwise the phone records would have busted me... if the investigation even got that far. Since the "corrupt" records matched the district offices, it was assumed the computer itself was faulty somehow. They just ended up replacing it... but leaving the modem.

I guess my point is overall, that if schools are really serious about taking attendance, maybe they should concentrate less on the technology and more about giving a shit "hands on". Teachers should have the phone numbers and email addresses of their students parents, and I don't know, use them. I would have never gotten away with what I did had their been even a small amount of caring amongst the staff. At this point in my life it disapoints and saddens me that a teacher would not directly call the parents once a student missed 3 classes in a week. Waiting for an automated system to send a letter out after 7 missed classes just allows a problem to fester for around a month before anybody starts to address it.

Of course I can't blame a lot of the teachers. When you are chronically underpaid and have to do ridiculous shameful shit like purchasing resources out of your own pockets for your students, I can understand how some become burned out and disillusioned.

Kids pick up on that too. If they feel they are in a situation where people don't care and it's a mechanical mind numbing system they are forced to deal with, they will react, and most often negatively.

I guess what pisses me off more about this story is they could have used the money in that budget to raise the teachers salary and just had the teachers write down attendance in a book and have the empowerment to directly call the fucking parents.

Re:Removing the human ... that's where the issue i (1)

Captain Hook (923766) | more than 3 years ago | (#34046850)

Biometric, swipe cards or any other method they use will have loopholes when left alone. All it needs is a single teacher to watch everyone put their fingers there.

But isn't the whole point of this so that you don't need to employ someone to check attendence? If you have to employ someone to stand there, why no just get that same person to call out names and record on a register?

Let's see... (4, Insightful)

kurokame (1764228) | more than 3 years ago | (#34046590)

* You have to buy a new system and probably sign a support contract for it
* It ties up personnel with deployment
* It doesn't work any better than the old system
* It raises significant privacy issues not present in the old system
* It raises huge data security and disposal issues not present in the old system
* Adding a new student is more invasive and time consuming than in the old system
* Fingerprint biometrics can track an arbitrarily large set of individuals...but they can only distinguish a few hundred

Yep, that sounds like a textbook example of educational bureaucracy.

Re:Let's see... (1)

captainpanic (1173915) | more than 3 years ago | (#34046938)

And tomorrow's news: Budget cuts for schools to have more students in a classroom.

Fingerprint scanners at school? (1)

jackgrass_jr (756580) | more than 3 years ago | (#34046594)

If a school needs fingerprint scanners to take attendance, doesn't that imply that the school has bigger problems than students circumventing fingerprint scanners?

Re:Fingerprint scanners at school? (1)

AHuxley (892839) | more than 3 years ago | (#34046728)

More like a tech boondoggle, everybody wins, contractor, school gets funds, teachers get new kit, kids get educational bounce, parents feel safe, shareholders smile too.
The fact it may not work seems to be of little importance :)

How it's done (gelatin, not Gummi Bears) (4, Informative)

PatPending (953482) | more than 3 years ago | (#34046598)

Quoting from the end of the fine article (emphasis added by me).

Tsutomu Matsumoto, a Japanese cryptographer, uses gelatin, the stuff that Gummi Bears are made out of. First he takes a live finger and makes a plastic mold. (He uses a free-molding plastic used to make plastic molds, and is sold at hobby shops.) Then he pours liquid gelatin into the mold and lets it harden. (The gelatin comes in solid sheets, and is used to make jellied meats, soups, and candies, and is sold in grocery stores.) This gelatin fake finger fools fingerprint detectors about 80% of the time.

His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time.

Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.

Re:How it's done (gelatin, not Gummi Bears) (1)

Ed Avis (5917) | more than 3 years ago | (#34046730)

Yes, this is one of the wrongest article headlines I've seen, even on Slashdot.

Re:How it's done (gelatin, not Gummi Bears) (0)

Anonymous Coward | more than 3 years ago | (#34046758)

"Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence."

Probably not the best idea to "eat the evidence" considering it has been in contact with something that every other filthy finger has touched.

Re:How it's done (gelatin, not Gummi Bears) (0)

Anonymous Coward | more than 3 years ago | (#34046874)

Probably not the best idea to "eat the evidence" considering it has been in contact with something that every other filthy finger has touched.

If you've been living in a basement unexposed to the world for so long that your immune system can't handle simple and basic germs, you probably shouldn't be breaking into high security areas anyway. :p

Re:How it's done (gelatin, not Gummi Bears) (1)

Warhawke (1312723) | more than 3 years ago | (#34046806)

Isn't this exactly what Mythbusters did on their cryptography episode?

Re:How it's done (gelatin, not Gummi Bears) (1)

Hognoxious (631665) | more than 3 years ago | (#34046896)

What has making fake fingers got to do with cryptography? Then again, you did say mythbusters...

Re:How it's done (gelatin, not Gummi Bears) (1)

Bender Unit 22 (216955) | more than 3 years ago | (#34047206)

I think it has something to do with explosions.

Re:How it's done (gelatin, not Gummi Bears) (1)

PseudonymousBraveguy (1857734) | more than 3 years ago | (#34047048)

Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor.

This technique also has the added benefit that the gelantine will have the correct temperature, so fingerprint sensors that measure temperature will also be foiled. If the gelantine is thin enough, it might even foil pulse detectors, so you'll pass the most common "life detectors".

Re:How it's done (gelatin, not Gummi Bears) (1)

dbIII (701233) | more than 3 years ago | (#34047080)

cyanoacrylate adhesive

In the early 1990s I was using that to examine pipework in power stations for early signs of high temperature damage. I would grind, polish and etch the pipe then stick cyanoacrylate on the surface. I would peel it off and examine it under a microscope at up to 800x or after gold coating an electron microscope at even higher magnifications.
There is no fingerprint scanner on earth that would be able to tell the difference on resolution alone.

Re:How it's done (gelatin, not Gummi Bears) (1)

mbstone (457308) | more than 3 years ago | (#34047122)

But if the surface of the fingerprint scanner was covered in cyanoacrylate, good luck getting your fingerprint back....

...or just watch Mythbusters (1)

Joce640k (829181) | more than 3 years ago | (#34047084)

They invented all that, not some Japanese guy.

(If the show isn't a trick...)

Video of how they did it (0)

alienunknown (1279178) | more than 3 years ago | (#34046616)

Video of how they did it. Not included with the article for some reason: here [youtube.com] .

Mythbusters did something similar (3, Informative)

PatPending (953482) | more than 3 years ago | (#34046636)

Until Discovery Communications has it taken down--

http://www.youtube.com/watch?v=LA4Xx5Noxyo

if they don't have teachers.. (1)

gl4ss (559668) | more than 3 years ago | (#34046676)

..they shouldn't be getting money to pay for teachers.

swipe cards would be enough if the teacher actually paid attention when the kids are swiping the cards.

is it a movie theater or a school?

Over-hyped as usual (3, Interesting)

PerformanceDude (1798324) | more than 3 years ago | (#34046678)

So, the school introduces this and the headline is: Students may be able to circumvent it using gummy bears. Boo hoo!! As if any other measure may not be circumvented. A simple supervision or CCTV of the scanner would detect any circumvention attempt.

I'll be more impressed when they have an article that says: Kids circumvented fingerprint scanners at school using gummy bears.

Kids should be in school. Period. Our present breed are just as crafty as we used to be back in the day in trying to avoid the system. That is how you create innovative kids in the first place. Those kids who defeats this totalitarian system and gets away with it - well - they deserve the day off :)

Re:Over-hyped as usual (1)

vadim_t (324782) | more than 3 years ago | (#34047252)

So, the school introduces this and the headline is: Students may be able to circumvent it using gummy bears. Boo hoo!! As if any other measure may not be circumvented. A simple supervision or CCTV of the scanner would detect any circumvention attempt.

First, to do this you don't need to do something highly obvious like pulling a gummi bear out of your pocket and mashing it against the sensor. You can make a thin strip, and stick it to your finger, then go through all the usual motions.

Second, sure, with enough work it could be detected. But the point of this is to avoid work in the first place. You might as well ditch the scanner and go back to having teachers do the check.

Old news (0)

Anonymous Coward | more than 3 years ago | (#34046716)

This has been know for years. I used to work for a company that produced electronic locking devices and biometric readers when I got in contact with a professor in Japan who had discovered this method. He mailed me full, detailed documentation on how to fool most biometric fingerprint readers with a "gummy finger". His method involved lifting fingerprints via transparent tape and using a photosensitive circuit board to manufacture a fingerprint mold, which could then be used to form the gummy finger. Some biometric devices worked with just the gummy finger and some that measured capacitance simply required you to lick the gummy finger beforehand. Afterwards, you could just eat the thing, thereby eliminating any evidence of its existence.

We're looking into this... (0)

Anonymous Coward | more than 3 years ago | (#34046826)

As a sysadmin at an Australian high school, I've been asked by my Principal to check into the current state of these systems.

I raised the concern that kids are just going to find some way to dupe whatever electronic system is put in place. He agreed. He then stated that there's nothing stopping kids from impersonating their mates when the roll call is made, giving a false 'present'.

I thought, well, fair enough.

He put his rationale to me this way: if roll call takes five minutes per lesson, and there are 20-ish lessons per week, then a student initiated roll marking system is going to recover a sizable portion of 100 minutes a week, or around 60 hours over run of a school year. This time can then be spent TEACHING the students who are there to learn. A lot can be taught in 60 hours.

What about the kids who skip class? There are processes in place to deal with those. Ultimately, their absence is going to be manifest itself in all sorts of problems for them later - all of their own doing. Meanwhile, they're not in class distracting those that are there to do what they are there for.

AC, because I'm a decade-long /. lurker and can never be bothered signing up. Feel free to not waste mod points on me.

Called me old fashioned (2, Insightful)

acwebguy (923436) | more than 3 years ago | (#34046828)

Called me old fashioned, but whatever happened to teachers actually knowing their kids and simply taking attendance that way?

Re:Called me old fashioned (1)

SeaFox (739806) | more than 3 years ago | (#34047180)

Enlarging class sizes in the face of budget shortfalls means it becomes more difficult for teachers to actually learn and keep track of that many students and roll call becomes impractical due to time constraints, not to mention knowing your class enough you can tell if the person you called on is the same one answering as present.

Substitute teacher .... (1)

PolygamousRanchKid (1290638) | more than 3 years ago | (#34046836)

I faintly remember back in high school, when we had substitute teachers sometime. One was particularity dim, so most folks cut that class. I was in it, and the substitute teacher passed around a paper for all the students to sign in. There were three of us in the class, and about three hundred names were on the list that we passed back: "Who's Dick Hertz?", etc.

Students will always find a way to get around stuff like this . . . .

Matt? "Present Miss" (4, Insightful)

thegarbz (1787294) | more than 3 years ago | (#34046842)

"Chris?"
"Here Miss"
"Peter?"
"Present Miss"
"Well it looks like everyone who's going to be here is here already, let's get started!" She thought knowing full well that a few of the students skipping the class will be reported to the principle yet again.

Fingerprints? Really? Whatever is wrong, it's not the fault of the system that has served us for hundreds of years, and doesn't need some stupid technology to fix it.

Re:Matt? "Present Miss" (0)

Anonymous Coward | more than 3 years ago | (#34047254)

Fingerprints? Really? Whatever is wrong, it's not the fault of the system that has served us for hundreds of years, and doesn't need some stupid technology to fix it.

Conditioning in the Pavlovian sense of the word.

The real question... (0)

Anonymous Coward | more than 3 years ago | (#34046846)

The real question is why they even need advanced tech solutions to determine attendance in the first place. Last I checked, role call isn't prone to security breaches, hacks (well, maybe on the data after), or any kind of clever foiling. Card swiping? Fingerprint scanners? All that looks like a downgrade not and upgrade to me...All this sounds like

Didn't the Mythbusters do this already? (0, Redundant)

jonwil (467024) | more than 3 years ago | (#34046932)

Didn't the Mythbusters bust the myth that "fingerprint scanners are secure" already?

Is it really that difficult? (1, Insightful)

Anaerin (905998) | more than 3 years ago | (#34047006)

Several teachers that I had relied on the class staying pretty constant, and gave each student a number in alphabetical order. To "Call roll", you would listen for the number before yours, and after that was said by the student in question, you would say yours. Any absences were immediately obvious, and it took no more than a minute to finish it.

What Absolute Nonsense (0, Offtopic)

CuteSteveJobs (1343851) | more than 3 years ago | (#34047078)

> Gummi Bears... worked against a bunch of scanners that detect electrical charges within the human body, since gelatine has virtually the same capacitance as a finger's skin.

Ridiculous. Bovine Gelatine has a completely different capacitance from Human Skin. Only Human Gelatine could give that sort of result. Wait. Human. Gelatine. Gummi Bear. A barber shop quartet. Scopie. Illinois. Orca. A Big Fat Guy. Gummi Bear. Gummi. Gelatine. Human. People.

Re:What Absolute Nonsense (0)

Anonymous Coward | more than 3 years ago | (#34047224)

> Gummi Bears... worked against a bunch of scanners that detect electrical charges within the human body, since gelatine has virtually the same capacitance as a finger's skin.

Ridiculous. Bovine Gelatine has a completely different capacitance from Human Skin. Only Human Gelatine could give that sort of result. Wait. Human. Gelatine. Gummi Bear. A barber shop quartet. Scopie. Illinois. Orca. A Big Fat Guy. Gummi Bear. Gummi. Gelatine. Human. People.

So let the green Gummi Bears are people?

Kids Are Alright (3, Insightful)

mbstone (457308) | more than 3 years ago | (#34047112)

While school kids may yet learn to scam extra lunches and play hooky through the use of gummi candy biometrics, the headline is bogus. None of the linked articles reported that any kids anywhere are doing anything with gummi bears except fucking up their teeth.

Maybe an Orwellian society isn't so bad (1)

mykos (1627575) | more than 3 years ago | (#34047128)

Kids' ingenuity is always at its best when fighting the man. Maybe they'll be smart and Orwellian. You know, like the Chinese.

...Bueller? (0)

Anonymous Coward | more than 3 years ago | (#34047130)

Bueller? Bueller? .. Bueller?

Absolute Rubbish (1)

abigsmurf (919188) | more than 3 years ago | (#34047162)

Pure gelatine may (or may not) have the exact same capacitence... But what about the sugar, flavourings etc?

Then there's the fact that if you pressed your finger into a gummi bear, it's not going to create a lasting or deep impression. Perhaps if you really squashed the gummi bear it would create a detailed, lasting impression but then you're going to be left with a fragile, thin piece sheet of gelatine that would fall apart if you pressed it on the scanner.

Yes you could create a mould of the finger and fill it with pure gelatin but a 11year old would struggle to create a detailed enough mould without being helped and it's simply too much hassle for a kid to attempt. It would be easier to clone a magnetic strip, tell someone a passcode, get someone to forge a signiature or simply to say "here" when their name is called out.

Thought we could relax with a song... (1)

quotient (1930408) | more than 3 years ago | (#34047222)

Oh I'm a gummy bear, yes I'm a gummy bear Oh I'm a yummy, tummy, fingerprint stealing gummy bear, oh yeah!

"eat the evidence" (0)

Anonymous Coward | more than 3 years ago | (#34047248)

Just wow. I work where we have these things and there is NO way I could do that. Maybe I am OCD but after they were installed I started to look at how people behaved with their hands and fingers. WAY too many nose pickers that I had never noticed before. We have a sanitizer station by each one but I would prefer a little flaming jet of natural gas sometimes.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?