Ann Harrison, SecurityFocus 2003-08-13
Two German hackers say they have developed a technique to defeat biometric fingerprint scanners used to authenticate electronic purchasing systems. Unlike an earlier fingerprint attack developed by the pair last year, this system creates latex fingertip patches designed to be used while under observation.
Colapse all |
Post comment
Hackers Claim New Fingerprint Biometric Attack
2003-08-14
Anonymous (2 replies)
Anonymous (2 replies)
Hackers Claim New Fingerprint Biometric Attack
2003-08-14
Anonymous
Anonymous
You're missing the point of the article. You cant take a finger sensor and fume it with super glue. They use the dusting method which is very quick to grab a print onto tape .. Once they have the print they recreate it onto the circuitboard to it can be "pressed" into latex as latex skin you can act...
[ more ] [ reply ]
[ more ] [ reply ]
on Superglue
2003-08-18
Trixter
Trixter
There is one problem that I can readily see with using the superglue fuming method. You get a negative of the print.
When I touch something the bumps on my finger leave oil deposits. If superglue fumes bond to those bumps and harden and I use that as a mold for the latex then they will create...
[ more ] [ reply ]
When I touch something the bumps on my finger leave oil deposits. If superglue fumes bond to those bumps and harden and I use that as a mold for the latex then they will create...
[ more ] [ reply ]
Hackers Claim New Fingerprint Biometric Attack
2003-08-14
Irving Washington (1 replies)
Irving Washington (1 replies)
This is really only "news" for CNN etc.. Biometrics Community understands all this atuff already. Per Bruce Schneier, using redundant layers of low cost security "speed bumps" to cumulatively reduce (not eliminate) risks still makes sense. At our site, the bio sensor is removable from PCs and only...
[ more ] [ reply ]
[ more ] [ reply ]
Hackers Claim New Fingerprint Biometric Attack
2003-08-15
Ben Groot
Ben Groot
Reporting this stuff in context...
i think ur right..
security identification is based on a few principles.
Something u know *passpharse*
Something u have *a token*
Something u are *a fingerprint or irisscan*
Depending on the securitylevel u can combine them.
Combined together they ...
[ more ] [ reply ]
i think ur right..
security identification is based on a few principles.
Something u know *passpharse*
Something u have *a token*
Something u are *a fingerprint or irisscan*
Depending on the securitylevel u can combine them.
Combined together they ...
[ more ] [ reply ]
Hackers Claim New Fingerprint Biometric Attack
2003-08-14
Michael (2 replies)
Michael (2 replies)
It will be interesting to see how companies who do not subject their products to third pary testing (Such as Panasonic) fare in the real world. I, for one, would feel more comfortable if they would subject this technology to more than one agency for testing.
This whole age of unique verification...
[ more ] [ reply ]
This whole age of unique verification...
[ more ] [ reply ]
Hackers Claim New Fingerprint Biometric Attack
2003-08-16
Watching (1 replies)
Watching (1 replies)
It was noted by another respondant and it must be kept in mind that the serious players in the fingerprint space have and continue to work on technology that is not easily defeated by such techniques. Our organization uses technology that reads the print at the live layer of skin (saline layer) by ...
[ more ] [ reply ]
[ more ] [ reply ]
Hackers Claim New Fingerprint Biometric Attack
2003-08-18
Roger
Roger
"...technology that is not easily defeated by such techniques..."
Maybe. Bear in mind that Matsumoto's attack (which this just basically replicates) used only $10 worth of materials, a couple of hours work, and an idea they came up with some afternoon with almost no prior knowledge of biometrics....
[ more ] [ reply ]
Maybe. Bear in mind that Matsumoto's attack (which this just basically replicates) used only $10 worth of materials, a couple of hours work, and an idea they came up with some afternoon with almost no prior knowledge of biometrics....
[ more ] [ reply ]
Hackers Claim New Fingerprint Biometric Attack
2003-08-18
Roger
Roger
Michael, you might be interested in this report:
http://www.heise.de/ct/english/02/11/114/
about a series of independant tests conducted by a German technology magazine.
It was painfully obvious that many manufacturers had focussed solely on FRR and FAR, and hadn't even considered vulnerability...
[ more ] [ reply ]
http://www.heise.de/ct/english/02/11/114/
about a series of independant tests conducted by a German technology magazine.
It was painfully obvious that many manufacturers had focussed solely on FRR and FAR, and hadn't even considered vulnerability...
[ more ] [ reply ]
Hackers Claim New Fingerprint Biometric Attack
2003-08-18
Tony Sieli
Tony Sieli
What kind of sensors did they fake? 1D, 2D optical, 3D capacitive (moisture and pressure sensitive)? Testing is a good idea, but who pays that bill. I suggest buying one and try it out first. We use Ringdale access control for our house and works good, price was good, and they use only ethernet. Not...
[ more ] [ reply ]
[ more ] [ reply ]
Not really earth-shaking...
2003-08-18
Roger (1 replies)
Roger (1 replies)
It seems clear that the purpose of this stunt is to maintain pressure on manufacturers to improve equipment. It isn't really an original demonstration, but closely replicates Matsumoto's January 2002 demonstration. The main difference is the use of latex. Matsumoto tried both silicone and gelatin, a...
[ more ] [ reply ]
[ more ] [ reply ]
Not really earth-shaking...
2003-08-19
rleroy (at) avantages (dot) com [email concealed]
rleroy (at) avantages (dot) com [email concealed]
Exactly, not really earth-shaking, it's like the war beetween IDS and anti-IDS teknikz, the war beetween the technikz of exploitation of a program and the way to secure it, but still.
It's original to see people doing something different and improving the security of it... maybe it's an utopia,...
[ more ] [ reply ]
It's original to see people doing something different and improving the security of it... maybe it's an utopia,...
[ more ] [ reply ]
nothing new
2003-08-18
Anonymous (2 replies)
Anonymous (2 replies)
There was a guy (Lefty_) on efnet irc that was talking about using latex in 2000 (and had some demos back then). His setup used a 3D printer though ($10k) so this is certainly cheaper.. He even contacted all the congress people when senators Feinstein and Boxter wanted to use smartcards for all en...
[ more ] [ reply ]
[ more ] [ reply ]
nothing new
2003-08-20
Anonymous
Anonymous
Congress get its information from the federal government, not from individuals. Why would a congressman listen to an individual when they have the "agencies" with highly paid engineers to do the research.
After a little searching on the net. I found www.biometrics.org. The 2 people who chair this...
[ more ] [ reply ]
After a little searching on the net. I found www.biometrics.org. The 2 people who chair this...
[ more ] [ reply ]
Advanced research can anwers Hackers Claim New Fingerprint Biometric Attack
2007-04-03
Sameha
Sameha
Where tricks are being made to spoof biometric systems, at the same time more and more advanced research has been conducted to answer to these hackings. I would like to mention that now there are manufacturers developing unique semiconductor-based fingerprint reader that uses small RF signals to det...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]