Sunday, November 22, 2009

So much for biometric security systems!

You've doubtless heard of biometric security systems, which typically use your fingerprint to clock you in and out at work, or unlock doors for areas where you're permitted to go, or even safeguard access to computers by requiring users to provide their fingerprints to use the device.

Now, from China it's reported that there's a new way to bypass some such systems.

Lazy workers are giving bosses' new security measures the finger - by sending off for kits to fake their own fingerprints.

Customers send their prints to an online company in Shandong, eastern China, which for 10 GBP sends back fake fingertips with perfect copies of the dabs.

It means anyone can fool fingerprint security systems just by slipping on the silica gel moulds.

The product has found a massive market in China where companies are scrapping old-fashioned sweep cards for fingerprints to clock on and off.

One customer Xiao Liu, 38, said: "We're fined 20 pounds (US $33) every time we're late and I used to ask a friend to punch me in until my bosses switched to fingerprints.

"Now I've just given some copies of my fingerprints to people on the early shift and I'm never late no matter what time I get up."

But the technology has massive implications for police and anti-terrorist authorities.

"People can simply steal a set of fingerprints and cause chaos with identity theft," said one expert.

Looks like it's back to the drawing-board for the security experts . . .



West, By God said...

Faking fingerprints like this is old news. There are similar techniques to fool _old_ models of iris scanners. All decent, modern fingerprint scanning devices are smart enough that they aren't fooled by this type of forged fingerprint. It is simple to measure skin conductivity or enact other measures to ensure the fingerprint is part of a living finger.

Wayne Conrad said...

The bigger problem with biometrics is that, unlike a password, your fingerprint or iris pattern cannot be changed. This creates a bit of problem should the metric be compromised.

Betty said...

Reminds me of Angels & Demons where thieves rip a guy's eye out to get past an iris scanner...

Anonymous said...

Mythbusters did this. It turned out that it was harder to fool the cheap fingerprint lock attached to the computer than it was to fool the expensive door lock. They even managed to fool the door lock with a piece of paper with the finger print printed on it. After licking the paper, the lock accepted the "print".

Anonymous said...

So all of the employers who replaced a -person- (or a couple hours of person in the morning and evening) with a $150 box are now surprised that employees are standing at their box swiping silicon gel after silicone gel over the silly biometric window. Folks were talking about this in "biometrics" classes at my local community college back in the 90's... be glad they're not hacking into the thing, logging in/out electronically, and not even showing up... bk425