Patrice Riemens on Fri, 24 May 2002 02:40:31 +0200 (CEST)


<nettime> Biometrics are not so safe, easily defeated by lo-tech means


Sorry for re-fwd, but I thought this would interest the 'general' nettime 
readers, esp re: low-tech defeaters of hi-tech (Sony cs)

original from nettime-nl

----- Forwarded message from felipe rodriquez <felipe@xs4all.nl> -----

Delivered-To: nettime-nl@nettime.org
From: "felipe rodriquez" <felipe@xs4all.nl>
Date: Thu, 23 May 2002 23:04:52 +1000



http://staging.infoworld.com/articles/hn/xml/02/05/16/020516hngums.xml?Template=/storypages/printfriendly.html

May 16, 2002 12:53 PM 

Japanese researcher gums up biometrics scanners 
By Sam Costello 

A JAPANESE RESEARCHER has demonstrated that some biometric fingerprint
readers can often be fooled into granting access to unauthorized users
with a few dollars of household supplies and a little ingenuity.

The discovery was disclosed on May 14 in a presentation given by Tsutomu
Matsumoto -- who is affiliated with the Graduate School on Environment
and Information Sciences at Yokohama National University in Japan -- at
the ITU-T Workshop on Security being held in Seoul, South Korea.
Matsumoto posted his presentation online but news of the discovery was
spread most widely through the new issue of security guru Bruce
Schneier's Crypto-Gram e-mail newsletter, which was released Wednesday.

"The results are enough to scrap the systems completely, and to send the
various fingerprint biometric companies packing. Impressive is an
understatement," Schneier wrote.

The data seems to contradict the claims of companies that sell biometric
authentication systems. They have said biometrics are among the
hardest-to-crack security methods since they rely on the unique physical
characteristics of their users. Matsumoto, however, was able to gain
unauthorized access with two relatively simple techniques, according to
Schneier's report on the tests.

Matsumoto performed his experiments on 11 different biometric
fingerprint scanners using a fake finger molded out of gelatin.
Matsumoto made a plastic mold of a real finger, and then created the
false finger by injecting gelatin into the mold. The gelatin finger was
able to gain unauthorized access through the 11 fingerprint scanners
about 80 percent of the time, according to Schneier.

Matsumoto then attempted a more complicated experiment in which he drew
latent fingerprints from a piece of glass and attempted to add those
prints to the gelatin finger, Schneier wrote. After lifting the
fingerprint from the glass, he enhanced it, photographed it and tweaked
it in Adobe Systems' Photoshop, he said. Matsumoto then printed the
fingerprint onto a transparency sheet and had it etched into a
photosensitive circuit board. The print on the circuit board was then
applied to the gelatin finger. This technique also allowed access about
80 percent of the time, Schneier wrote.

"If he could do this, then any semi-professional can almost certainly do
much, much more," Schneier wrote.

"All the fingerprint companies have claimed for years that this kind of
thing is impossible. When they read Matsumoto's results, they're going
to claim that they don't really work, or that they don't apply to them,
or that they've fixed the problem," Schneier wrote. "Think twice before
believing them."

Matsumoto's presentation is available online at
http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf


______________________________________________________
* Distributed via nettime-nl. Commercial use not
* permitted without permission. <nettime-nl> is an
* open and unmoderated mailing list about net criticism.
* More info, archive & editions in other languages:
* http://www.nettime.org/.
* Contact: Menno Grootveld (rabotnik@xs4all.nl).

----- End forwarded message -----

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net