×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fingerprint Scanners Still Easy to Fool

michael posted more than 9 years ago | from the mission-possible dept.

Security 378

Anlan writes "A Swedish student wrote her Master's thesis about current fingerprint technology. After a thorough literature study some live testing took place. Simple DIY fingerprint copies were used (detailed how-to in the thesis). Have current commercial products improved as much as proponents claim? Well, this qoute from the abstract says it all: 'The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint. Nine different systems were tested at the CeBIT trade fair in Germany and all were deceived. Three other different systems were put up against more extensive tests with three different subjects. All systems were circumvented with all subjects' artificial fingerprints, but with varying results.' You can guess how happy the sales people at CeBIT were - most systems claim to be spoof proof..."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

378 comments

OH NOES! GARGAMEL FOUND TEH VILLAGE!!!~`1 (-1, Troll)

Anonymous Coward | more than 9 years ago | (#9527458)

SMURFETTE GANG BANG!!!`1~~ (-1, Troll)

Anonymous Coward | more than 9 years ago | (#9527526)

plz continue to mod -1 trool. the only way i can get my lazy cowrokers to do any fucking work is if i get an ip ban going on for the office. kthxbye

THIS MEANS YOU, JAMES (LAZY FUCKER) (-1, Troll)

Anonymous Coward | more than 9 years ago | (#9527555)

YOU TOO MCCARTHY. DO SOME F'ING WORK (-1, Troll)

Anonymous Coward | more than 9 years ago | (#9527577)

Airport Police (5, Insightful)

mirko (198274) | more than 9 years ago | (#9527463)

So, will they remove these fingerprint scanners, in the US Internaitonal Airport ?

Re:Airport Police (0)

Anonymous Coward | more than 9 years ago | (#9527559)

People who can fool finger print scanning technology are just innocent citizens who would not abuse their skill. As for terrorists, they do not have the means and motivation for such technology!

Re:Airport Police (5, Insightful)

dave420 (699308) | more than 9 years ago | (#9527607)

No, because it appears like they're actually doing some good. Just like when they had the national guard monkeys running around with M16s. Absolutely no use whatsoever, but makes the American public go "Gee - we're so protected! I love our President(tm)!"

The war on terror isn't about the terrorists, it's all PR.

Re:Airport Police (1, Informative)

Anonymous Coward | more than 9 years ago | (#9527706)

Just like how terrorist activity was up in 2003 but they said it was down; just for PR.

Re:Airport Police (5, Funny)

wo1verin3 (473094) | more than 9 years ago | (#9527651)

>>So, will they remove these fingerprint
>>scanners, in the US Internaitonal Airport ?

No, they'll just continue to refuse letting travellers use gelatin molds in place of their real hands.

Re:Airport Police (5, Insightful)

XryanX (775412) | more than 9 years ago | (#9527723)

I'm sure someone that was trained in stage makeup could easily make a fake finger that would slip over their real one, and yet still look realistic.

They'll stay to raise the threshold... (4, Insightful)

MyNameIsFred (543994) | more than 9 years ago | (#9527792)

There is an old saying that is attributed to the Secret Service. They can't stop someone really dedicated from killing the President. All they can do is raise the level of difficulty so high that the average individual won't be able to do it. I think that is applicable to the fingerprint scanners used in American airports. Yes, they can be beat, but they raise the threshold. They won't catch the dedicated/educated terrorists, but it will help against idiots. And stopping idiot terrorists is still a good idea. And don't fool yourselves, a lot of terrorists are idiots. Just look at the Shoe Bomber, not what I would call England's best and brightest.

As a self-appointed representative of ... (5, Funny)

burgburgburg (574866) | more than 9 years ago | (#9527482)

the Security Industry, I'd just like to say:

Shhhhhhhhhhhhhhhhhhh!!!!!

Please remember this the next time a non-productive "feature" is uncovered.

Easy Solution (5, Funny)

Mz6 (741941) | more than 9 years ago | (#9527494)

Don't let your fingerprints get copied. Wear gloves ALL the time. Problem solved.

Re:Easy Solution (2, Insightful)

endx7 (706884) | more than 9 years ago | (#9527564)

Even when you are using the scanner?

Re:Easy Solution (0)

Anonymous Coward | more than 9 years ago | (#9527647)

Yep, even then.

Wear your gloves when you are getting your fingerprints done to solve the problem.

Re:Easy Solution (4, Insightful)

jacksonyee (590218) | more than 9 years ago | (#9527661)

So what happens when some law enforcement organization such as the police or the passport office want to take your fingerprints? Do you deny their request and don't get anything done, or do you use glove prints rather than fingerprints. Even worse, what if someone hacks into the police database and creates fake gloves with other people's fingerprints etched in them?

As much as the privacy advocates will laugh at this news article, fingerprints have been a proven source of clues for law enforcement agencys for decades. Nowadays, we have more sophisticated methods of detecting whether someone might have been at the scene of a crime or not, but fingerprinting is nice, quick, easy, and obvious. Of course, every system in existence can be fooled, and if you're really willing to break the system, you can. However, I hate to think that people other than the tinfoil hat crowd would be so concerned about fingerprints that they would wear gloves all the time. This is much more a legislative issue than it is a technological issue. Unless we stop legislative processes invading our privacy, technological means will be only a band-aid onto the root of the problem.

Re:Easy Solution (0)

Anonymous Coward | more than 9 years ago | (#9527683)

Man, you are thinking WAY too much into it. It was a joke.

Re:Easy Solution (3, Informative)

Short Circuit (52384) | more than 9 years ago | (#9527737)

There was a piece on NPR last week about an American who was charged with terrorism in Spain because his fingerprint was there. He was in America at the time the event occured, but two fingerprint experts (his own and the FBI's) verified that the prints matched.

Fortunately for him, Spain independantly matched the fingerprint to a known terrorism suspect then in Spain. The only reason the fingerprint matched the American was because it was slightly smudged.

J311-0 (5, Funny)

lunarscape (704562) | more than 9 years ago | (#9527496)

The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint

That's great to know that some of the world's most sophisticated security systems can be circumvented with Jell-O

Re:J311-0 (0)

Anonymous Coward | more than 9 years ago | (#9527632)

Mr Biafra unavailable for comment.

Re:J311-0 (4, Funny)

Braingoo (771241) | more than 9 years ago | (#9527649)

Bill Cosby would be proud Hey kids would jou like to try some Jell-o. jou can even use it to steal yor parents credit card number to buy more jell-o!

So if you can open your car with fingerprints... (3, Insightful)

cacheMan (150533) | more than 9 years ago | (#9527498)

make sure not to touch your car much or leave it parked in the same place too long.

fix? (2, Interesting)

ncurses (764489) | more than 9 years ago | (#9527503)

An easy way to fix this, although I am no expert, is to make the fingerprint scanners heat sensitive. If the fingerprint matches and is within 1 degree of 98.6 F, then it opens. I think that would prevent people from holding a thing of gelatin against it, and it would prevent people from holding a lighter under it, because it has to be within 1 degree. It's not a flawless way to fix it, but it would make it at least a bit more difficult to foil, neh?

Re:fix? (1)

nearl (612916) | more than 9 years ago | (#9527533)

What about people like me that have a running temp of around 97.0 degrees. I am suspecting that the range of temperatures that it would have to cover is greater than you think.

Re:fix? (1)

mirko (198274) | more than 9 years ago | (#9527562)

He should infra-red scan you in order to determinate your actual average temperature and then check that your fingerprint's temperature measuzres accordingly and expectedly.

Re:fix? (1)

Threni (635302) | more than 9 years ago | (#9527589)

>He should infra-red scan you in order to determinate your actual average
>temperature and then check that your fingerprint's temperature measuzres
>accordingly and expectedly.

How would that work in winter?

Re:fix? (1)

mirko (198274) | more than 9 years ago | (#9527655)

The fp scanner would supposedly be indoors.

Re:fix? (1)

Threni (635302) | more than 9 years ago | (#9527787)

> The fp scanner would supposedly be indoors.

Ok. I was thinking about a solution that worked on outside doors, ATM machines etc.

Re:fix? (5, Insightful)

tomcio.s (455520) | more than 9 years ago | (#9527534)

Not at all actually, your extremedies (hands, feet) change temperature faster than the core of your body, and most people's extremedies are either colder (more common) or warmer (?) than the core of their body. So to make it heat sensitive would be to deny access to most users.

Re:fix? (1)

Mz6 (741941) | more than 9 years ago | (#9527540)

OK, So, is there a time limit then that exists that you have stand there and hold your finger against the sensor? The average internal body temperature is ~98.5, but that doesn't mean your external temperature would be the same or be a constant all the time and between different people. I'm not so sure that would work.

Re:fix? (3, Insightful)

ecklesweb (713901) | more than 9 years ago | (#9527550)

A person's external skin temp is going to be a lot less than 98.6, and I think it's going to be a lot more variable than a person's internal temperature. Even if that wasn't true, your system would deny access to anyone with a cold and a 1.1 degree fever. Beyond all that, how much harder would it be to mold that fake fingerprint into, say, latex intead of gelatin, and then putting it on the end of an electric heater that pumps out your magic 98.6 degrees?

Is this is the state of our security today?

Great minds think alike (4, Informative)

VinceWuzHere (733075) | more than 9 years ago | (#9527557)

From the document abstract... "A description of different liveness detection methods is presented and discussed. Methods requiring extra hardware use temperature, pulse, blood pressure, electric resistance, etc., and methods using already existent information in the system use skin deformation, pores, perspiration, etc."

Re:Great minds think alike (1)

afidel (530433) | more than 9 years ago | (#9527748)

The best system I have seen so far is the U.are.U 4000 [sciam.com] . This system uses multiple CMOS camera's to construct a 3D image of the ridgelines which is not easily defeated by a gelatin mold (rarely do they build a good 3D map), if they added a camera which was sensitive to IR they could take a temerature or bloodflow measurement and make it basically foolproof. Besides which a 3D gelatin mold is basically impossible to obtain without the subject's knowledge. Also the way we are using the U.Are.U for our client involves a password, the scanner, and a hardware token/encryption system, to defeat this system you would have to record his password, obtain a 3D fingerprint mold, AND steal his hardware token! He is an engineer taking a laptop full of trade secrets with him to the far east and his company is worried about theft of the data.

Re:fix? (4, Interesting)

SlamMan (221834) | more than 9 years ago | (#9527561)

Won't work, for all the reasons specified. However, what about recording the body temperature as well as the fingerprint?

Re:fix? (1)

ncurses (764489) | more than 9 years ago | (#9527784)

Well, then even the thief would have the same temp as the intended person.

How about a plain ol' number/key pad.

p498mgyespr2fmg is harder to crack than a fingerprint.

Re:fix? (1)

spectrokid (660550) | more than 9 years ago | (#9527565)

Another good one would be conductivity and capacitance. Easy to measure, should be within a certain range... Gelatine is probably higly resistive.

Re:fix? (2, Interesting)

HaloZero (610207) | more than 9 years ago | (#9527602)

Unless it's ballistics gelatin. The stuff, allegedly, can almost match the conductivity of human flesh. Don't you watch MythBusters? (:-P)

Re:fix? (2, Interesting)

Ralph Wiggam (22354) | more than 9 years ago | (#9527650)

I've worked with machines that try to calculate body fat percentage by measuring conductivity across a person's body. What they really measure is how hydrated a person is. The fluctuation is proably less when measuring just a finger or hand. Hand lotion would proabably mess with conductivity, too.

-B

Re:fix? (1)

timlee (303958) | more than 9 years ago | (#9527588)

I don't think that will work. Body surface temprature and core body temprature differs a great amount. In fact, body surface temprature differs by varying amounts. Have you ever shook someone's hand and realized that they were ice cold? That sort of thing will pose a problem to temprature sensors.

The best way to keep someone from going in your front door is to simply put more locks on your door. I say use a series of recognition devices varying from high tech solutions (voice or iris scanners) to to low tech solutions (security guards).

Re:fix? (3, Insightful)

AKAImBatman (238306) | more than 9 years ago | (#9527590)

It's not a flawless way to fix it, but it would make it at least a bit more difficult to foil, neh?

It would also be impossible to use. 98.6 degrees is the temperature of certain orifices in your body. These orifices are generally pretty good at maintaining a certain amount of heat. However, your hands and feet are extremities that do not keep a constant temperature. In fact, your body will sometimes shut off the blood flow if it needs the heat somewhere else.

This means that you'll never be able to accurately predict the lower bounds of finger temperature. Someone may have just been outside in cold weather. Or they may have poor blood flow to their hands (e.g. my wife's hands barely even show up on an heat sensitive screen). Similarly, they may have just touched a warm car door, or lit up a cigarette. Maybe they have some coffee in their hands.

Basically, there's almost no way short of human or artificial intelligence to near flawlessly determine if the fingerprint belongs to a real human or not.

Re:fix? (5, Insightful)

stratjakt (596332) | more than 9 years ago | (#9527600)

The temperature of your fingertips is going to vary widely. If you've been holding a cup of coffee, it'll jack up to 110, 120 maybe, if you just came inside it could be down around 60 or so.

98 degrees is an average core body temperature, extremedies generally run cooler. Thats why your testicles hang down - they dont work at 98 degrees, they need to be cooler. It's also why briefs and tight pants make you sterile.

Besides, all you'd have to do is put the fake finger in a cup of warm (98 degree) water..

I think the real solution is to realize that this kind of shit only works in movies or cartoons right now.

Re:fix? (1)

evenparity (569837) | more than 9 years ago | (#9527603)

I wouldn't think so. The intruder would just keep the jello in his pocket until he was ready to foil the scanner. Moreover, 98.6 is mean body temperature. Not only does it range from person to person, but from body part to body part. The problem with all these systems is that they still relies on a static digitization of something that can be attacked at another level. It is not hard to spoof the hardware. Was it on slashdot that I was reading about security cameras that analyzed a person's gait? I think would be harder to fool. (Just don't show up drunk.)

Re:fix? (0)

Anonymous Coward | more than 9 years ago | (#9527617)

Though core body temperature may average 98.6 F, the surface temperature of the skin varies tremendously. The use of temperature seems an unlikely fix because of the inherent variability of skin temperature. Imagine, for example, not being able to get into your fingerprint-keyed car because your hands are too cold.

Re:fix? (2, Interesting)

lachlan76 (770870) | more than 9 years ago | (#9527673)

And what if i'm sick and I need to go through?

How many people would want to live at work every time they get the flu? Someone would let them out eventually, but it makes thing harder. And I can rub the gelatin mould in my hand, to warm it up.

Re:fix? (1)

Mordaximus (566304) | more than 9 years ago | (#9527743)

Other posters have pointed out that 98.6F is core temperature. But I can think of at least three perfectly normal and understandable reasons why a person's finger temperature would be hotter / colder than normal :

-the user was holding a coffee, or a can of soft drink before trying to gain admittance.

-Or it's winter and they just took off their gloves.

-User went to washroom, and cleaned their hands, with water that is colder or warmer than their skin temperature, or dried them with friction or blown heat.

-They are ill even!

You're on the right track though... fingerprints alone cannot be trusted. Finger temperature is not the way to go though.

Re:fix? (1)

hplasm (576983) | more than 9 years ago | (#9527747)

Just for interest, when did the mean human body temp change from 98.4 to 98.6 F? Did I miss the memo?

Re:fix? (1)

neodymium (411811) | more than 9 years ago | (#9527814)

Did you read the thesis at all ? In there, it is explicitly stated that epidermic temperatures at extremities like hands are between 26C and 30C. Thin silicone oder gelatine layers lower the temperature by max. 2C, so it is well in the accepted range.

In the great words of Sean Connery (5, Funny)

imranius (786955) | more than 9 years ago | (#9527510)

"I'll show you a finger, Trebek!"

- SNL Celebrity Jeopardy

Re:In the great words of Sean Connery (0)

Anonymous Coward | more than 9 years ago | (#9527537)

That's no finger - you're faking it!

Something you have and Something you know (5, Insightful)

VinceWuzHere (733075) | more than 9 years ago | (#9527513)

I really don't think that ANY biometric system will be foolproof until the old basic of security is implemented. The scheme is called "Something you have and Something you know" (someone out there does know the right name even if I can't remember it at the moment).

Think of the simple RSA keyfob some of us carry; it gives us a number and we use that PLUS a password to get into secure systems (have + know).

Carry this one step further and have the system check your fingerprint/handprint/iris/whatever PLUS ask for a password.

I personally think it's damn scary in this age of terrorism that someone could fake a biometric and get onto a plane; if the airlines for example issued me a unique password to go along with fingerprint (or whatever) recognition then I'd feel a whole bunch better about the entire process and the underlying technologies.

Re:Something you have and Something you know (4, Insightful)

Tryfen (216209) | more than 9 years ago | (#9527640)

The mantra used to be something you know (password), something you have (ID card), something you are (fingerprint).

The problem is that "something you are" is just a really weak version of "Something you have". Why is it weak? Because once it is compromised, you can never get it back. Never.

If my RSA fob is stolen, I can get it reissued. If my password is stolen, I generate a new one. What am I supposed to do when my fingerprint shows up on Kazza? Sure, I can use one of the other nine, then once they're compromised, use my toes, after that...?

Biometrics have a (small) part to play in security. But relying on them for anything important is daft.

T

Re:Something you have and Something you know (3, Interesting)

BluedemonX (198949) | more than 9 years ago | (#9527668)

The reason why many of these systems don't have a "something you have, something you know is".... because somebody (whose "software company" consists of nothing but patent lawyers sitting on ideas) patented that idea.

None of the companies that manufacture biometric scanning technology can implement that without running afoul of the patent.

And the amount this shyster company is asking for is ludicrous. Hence, that kind of system is never used.

Re:Something you have and Something you know (3, Informative)

Anonymous Coward | more than 9 years ago | (#9527653)

Right, because the 09/11 hijackers had to fake ID to get on their planes. Oh wait. No, they didn't--they complied with all ID requirements using their real ID.

If you must fear something, fear sleeper agents more than known international terrorists. Besides, terrorists hit where you don't expect (so, planes should be safe for the foreseeable future).

Re:Something you have and Something you know (1)

vladb (654075) | more than 9 years ago | (#9527732)

I'm wondering if DNA "fingerprinting" (http://en.wikipedia.org/wiki/DNA_fingerprinting) may be a viable alternative to existing technology. For example, conventional finger print probes could be replaced with devices that sample DNA from a skin tissue or a blood sample. I think the former would be a safer method for public access authorization devices (e.g. checking people at airports, private property etc) as it doesn't require drawing of blood.

So you can expect... (2, Interesting)

manavendra (688020) | more than 9 years ago | (#9527519)

..the passports to be changed yet again, to have "better", "smart" fingerprint recognition/imprinting techniques?

Are you surprised? (2, Insightful)

The_Real_Nire (786847) | more than 9 years ago | (#9527529)

These have been, and probably always will be easy to fool. If anyone needs ultra-high security, it's doubtful that they'd choose this form of biometrics to begin with, unless they themselves are foolish.

As is true with any security measure, if it can br beaten, the geeks will find a way.

Re:Are you surprised? (2, Insightful)

Mz6 (741941) | more than 9 years ago | (#9527572)

Which still means that ANY highly secretive area will still be secured by a person (as is with the military). This person will know everyone that is allowed access into that area. Thus no need for a finger-printing device, then an eye scanner like in the movies. People will still do this.

Cheap scanners are easy to fool (0, Troll)

ash5g (167601) | more than 9 years ago | (#9527543)

and always will be. If they could fool the proper scanners than that would be a surprise. Why would you do your master on this? It's like saying that cheap cars are less reliable than luxary ones. Thank you Captiain Obvious.

Re:Cheap scanners are easy to fool (0)

Anonymous Coward | more than 9 years ago | (#9527806)

"It's like saying that cheap cars are less reliable than luxary ones."

My dad just returned an $80,000 Mercedes as a lemon.

It's weak if it's JUST the finger, sure. (1)

Sarojin (446404) | more than 9 years ago | (#9527546)

This certainly doesn't mean that biometrics-based on fingerprints should be ruled out.

Just as you need both a username and a password to log in to any computer system, a combination of a fingerprint and password, or fingerprint and pin should be used for any reasonable authentication.

Combined with decent access controls (this person may only do X at Y time) and a complete audit of actions, fingerprint biometrics can fit nicely into an extremely secure environment.

I'd certainly rather use my finger than my RSA number keychain!

Fingerprint scanners aren't as good as people thin (1)

91degrees (207121) | more than 9 years ago | (#9527551)

While it may be true that your fingerprints are unique, even the fingerprint checking systems used by the police produce a lot of false matches. But this is only a minor problem. You can replace this with DNA testing or an iris scan.

The big problem is that it takes so long for the test to be completed adequately. The only way to speed things up would be to have a single card that has all this data stored on it. this could be read directly by a computer, and processed in considerably less time.

Re:Fingerprint scanners aren't as good as people t (1)

kusma (139069) | more than 9 years ago | (#9527656)


The only way to speed things up would be to have a single card that has all this data stored on it. this could be read directly by a computer, and processed in considerably less time.
And the card should be called Ident-I-Eeze.

Re:Fingerprint scanners aren't as good as people t (0)

Anonymous Coward | more than 9 years ago | (#9527685)

thank goodness for that - after all, it's next to impossible to use someone elses card.

reminds me of one of the h2g2 books in some way . . .

Re:Fingerprint scanners aren't as good as people t (1)

Enry (630) | more than 9 years ago | (#9527705)

While it may be true that your fingerprints are unique, even the fingerprint checking systems used by the police produce a lot of false matches. But this is only a minor problem. You can replace this with DNA testing or an iris scan.

AFIS (Automated Fingerprint ID Systems) are pretty good at matching. Instead of saying "this is the person you're looking for", it gives a weight and gives the top possible matches. It's still up to a human (or humans) to make the final determination that the fingerprint in the database and the one provided by the police is the same.

In the case of the Oregon lawyer who was thought to be connected to the Madrid bombings, the source image provided to the FBI was of inferior quality. In addition, there are questions that the humans were biased looking at that person's record. In that case, it wasn't the AFIS that failed, it was the human element that failed.

IIRC, identical twins have the same DNA. So far, no two people have been proven to have the same fingerprints.

Re:Fingerprint scanners aren't as good as people t (0)

Anonymous Coward | more than 9 years ago | (#9527767)

AFIS (Automated Fingerprint ID Systems) are pretty good at matching. Instead of saying "this is the person you're looking for", it gives a weight and gives the top possible matches. It's still up to a human (or humans) to make the final determination that the fingerprint in the database and the one provided by the police is the same.

That's kinda the problem. It's fine for police investigations, since it's worth the effort of a human poring over the information, but for security, I don't like the idea that someone may have a fingerprint that's a good enough match to get into my car.

Re:Fingerprint scanners aren't as good as people t (1)

fatgeekuk (730791) | more than 9 years ago | (#9527786)

No, No, NO, NO, *NO*...

NEVER EVER have data used for authentication physically ON the security token...

The black hats just write their own details to a card and have done with it.

You should only have an identifier on the card that is used only for keying a record from a (supposedly) secure database.

This identifier should be used nowhere else, so as to limit the data exposed if a card falls into the wrong hands.

fingerprints at all... (5, Interesting)

tuxette (731067) | more than 9 years ago | (#9527591)

Probably old news to some, but here's an interesting article [theregister.co.uk] about how fingerprints are perhaps not infallible, unique ID, with a link to this article [newscientist.com]

Who cares about the scanners when the real problem lies in something entirely different?

A more foolproof method (2, Funny)

foidulus (743482) | more than 9 years ago | (#9527601)

For the Swedish bikkinni team anway, should use other "appendages" to authenticate the message.

Okay. (5, Insightful)

Red Dane (771396) | more than 9 years ago | (#9527609)

Just wanted to interject... I suppose it depends on whether you have one that bounces small radio signals off of the inside of your finger or one that simply captures an image. Certain fingerprint readers bounce radio signals off of the inside of your finger and read the underlying tissue structure (no, I'm not going to plug the product here). This prevents people from doing what she did at the trade convention. Fingerprint technology is always improving, and I'm sure that the industry will take this to heart and make these things even more complex. When you get right down to it, the systems aren't as complex as you might think. Most fingerplate templates weigh in from anywhere to 300 - 600 bytes in size.. but that is more to ease hardware requirements. I think they will combine other methods in the fingerprint taking process and eliminate these problems. Just my take on it, tear it apart guys ;)

Re:Okay. (1)

ash5g (167601) | more than 9 years ago | (#9527714)

Yep, alot of scanners now read the bottom layer of skin, to protect against faking, and also against scratches and abrasions/scratches on the upper layers of skin. This also get's rid of most latex and gelatin workarounds.

Oh, come on.... (1)

Mz6 (741941) | more than 9 years ago | (#9527764)

"(no, I'm not going to plug the product here)"

Plug the product... I would be interested to find out who is doing this type of research and looking up documentation on how it works if possible. Sounds interesting. Post as AC or something :)

Easy fix (1, Funny)

Anonymous Coward | more than 9 years ago | (#9527613)

A light spray of hydrochloric acid could be used to clean the hands before a scan is performed.

Lo-tech method (3, Interesting)

Zog The Undeniable (632031) | more than 9 years ago | (#9527627)

I believe c't magazine successfully fooled more than 50% of scanners by placing a clear plastic bag, filled with water, on top of the glass. This makes the greasy residue of the genuine user's fingerprint show up clearly to the scanner.

Oily Mess (1)

artlu (265391) | more than 9 years ago | (#9527629)

What about all the oil from fingerprints. Do the replicas have oil as well in order to leave an actual fingerprint on the system or does it just scan the pattern of print like a flatbed scanner?

GroupShares Inc. [groupshares.com] - A Free and Interactive Stock Trading Community

james bond (1)

joeldg (518249) | more than 9 years ago | (#9527648)

wasn't this same thing done in a james bond movie from the about the early 80's?

I seem to remember him picking off some fake fingerprints he used to pick up a wineglass with at some womans place (who 'gasp' turned out to be a spy for the 'other' side..)

Re:james bond (2, Informative)

dcphoenix (528517) | more than 9 years ago | (#9527757)

You're right about that. It was in Diamonds Are Forever. Bond was posing as a diamond thief, if I'm remembering correcting, while meeting with the real theif's contact for something. The real theif and the contact had never actually meet face to face before and the only identification she had to verify his identity were his finger prints. So, Q mad a set of fake "press on" prints for Bond.

Re:james bond (1)

joeldg (518249) | more than 9 years ago | (#9527776)

yea.. that is the movie..
thanks, was sitting here poking around IMDB trying to remember which one that was.

The CIA will love this (3, Interesting)

Timesprout (579035) | more than 9 years ago | (#9527674)

If its so easy to falsify fingerprints then they will want more. Say hello to have a DNA sample taken at birth to be used as ID for the rest of your monitored exixtence.

Re:The CIA will love this (1)

PhrostyMcByte (589271) | more than 9 years ago | (#9527721)

bah @ dna sample. it may be unique but i think some skin would be easier to get than a fingerprint.

This doesnt apply to most commercial scanners (1)

ash5g (167601) | more than 9 years ago | (#9527675)

Most fingerprint scanners have the tech. to measure if the substance scanned is real skin or not, based on the surface resistance, so latex copies don't work at all. It's a wonder most of these devices at these trade shows still can't do this. Pretty embarrasing really.

Why am I not surprised... (1)

LoganTeamX (738778) | more than 9 years ago | (#9527686)

People have been fooling fingerprint and ocular scanners for years. It's going to take the next quantum-leap in sensing technology to render artifical fingerprints less effective.

A question about Linux/PAM and biometrics.. (-1, Offtopic)

stratjakt (596332) | more than 9 years ago | (#9527689)

Since I put OpenLDAP on one of my boxes, and configured it all up.. It works but I'm having a problem.. When I ssh in as root, it asks my password - I give it, then it says denied and asks my password again, this time it will accept it.

I think the auth is failing on LDAP, then being accepted by unix. The root user doesn't exist in LDAP, I don't want any system users in there, just regular network folks (ie; actual people, no bin or ftp or root). It should bypass LDAP when it doesnt find a cn=root entry, and just auth against the local /etc/passwd file. LDAP users log in fine.

It's a bigger problem when I try to log in as a regular user, then su to root. Then you only get one shot at giving a password, which fails. Also, I can't use the passwd command on root for the same reason (it asks for the old password once, fails, and thats that).

So, what gives?

Here's my system-auth file.

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass

account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so

password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_unix_passwd.so use_first_pass md5 shadow

session required /lib/security/pam_unix_session.so

Oh yeah, OpenLDAP is a kind of fingerprint scanner that works on Jell-O. (Slashdot mods are probably too stupid to know I'm lying).

It's wafer thin... (4, Funny)

MojoRilla (591502) | more than 9 years ago | (#9527700)

From the thesus...

The main problem with liveness detection methods based on extra hardware, is that the scanners have to be adjusted to operate e±ciently in different kinds of environments, leading to problems when using a wafer-thin artifcial fingerprint glued on to a live finger.

And finally, monsieur, a wafer-thin fingerprint. Oh sir...it's only wafer thin.

Only one foolproof biometric system I can think of (0)

Anonymous Coward | more than 9 years ago | (#9527702)

Human-sized gas chromatograph.

The subject to be scanned would be analyzed in a gas chromatograph. It is highly unlikely that anyone would be able to reliably spoof your spectra. It could even be used to tell if you were on drugs or needed to lose some weight.

another solution.... (1)

Bog Standard (743863) | more than 9 years ago | (#9527713)

is to use a retina scanning devices instead. After all it is much harder to remove a persons eyeball than it is their finger. No sig required

Re:another solution.... (retina scanning) (1)

schatten (163083) | more than 9 years ago | (#9527761)

but what are the changes that can evolve with the retina? deterioration/separation and other abstracts that will change?

Could someone explain 4.5.3 to me? (1)

John Harrison (223649) | more than 9 years ago | (#9527754)

What does liveness detection have to do with the problem of a twin/clone having similar fingerprints? Unless your twin/clone is dead I can't see how it would make a difference.

Re:Could someone explain 4.5.3 to me? (5, Informative)

Apocalypse111 (597674) | more than 9 years ago | (#9527807)

I myself have an identical twin brother, and our fingerprints are nothing alike. Fingerprints are a developmental feature, not a genetic one.

even if they did work (2, Interesting)

Nf1nk (443791) | more than 9 years ago | (#9527763)

they may not work for me. I have a chemical burn on three of my fingers on my right hand. It still hasn't healed properly and the scar tissue keeps rearanging itself (small blisters keep forming). My other hobby, wood carving, leaves me with several fresh cuts on my hands and fingers each week, from these I can see changes in my prints.

Re:even if they did work (1)

ash5g (167601) | more than 9 years ago | (#9527812)

Modern fingerprint scanners should read the bottom layer of skin which also has the the same fingerprint as the top layer. Unless you have third degree burns on both hands or really deep cuts they should read fine.

I have a problem myself (1)

timts (766509) | more than 9 years ago | (#9527773)

after doing long hours of cleaning at home, one of my finger seems to be "too smooth" after soaked in the chemical water, even I wore gloves, there's still plenty got into it, now I have 1-2 fingers which barely have any fingerprint.

I am really worried now.

Accidental Discovery (4, Interesting)

The Slashdolt (518657) | more than 9 years ago | (#9527779)

In a former career I spent time mixing cement. One day I was mixing a small amount in a 5 gallon bucket. At the time I had nothing to mix it with so I used my hand. After mixing I washed my hand and it was amazingly smooth. I didn't think much more about it. The next day the skin on my hand was very sore. I looked at it and noticed that the mixing had worn down the top layes of skin on my hand. To the point where I barely had any fingerprints at all. So if you want to remove your fingerprints temporarily in a somewhat painful(but not excruciating) way, just mix up a bucket of concrete with your hand..... Hmmmm, is this a circumvention device?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...