Thursday, January 19, 2017

Peace sign selfies could let hackers copy your fingerprints

I always find it interesting when researchers stumble on ways the governments around the world have been getting finger prints for years, at least that is what the leakers say. Getting finger prints off of photos and even video has been around for a while, but this article puts it out in the open. Take it to the next step and you can see where it is possible to get finger prints off of photos of a window, and other items in a photo. It mentions that a "researcher" took a picture of Angela Merkel and made a copy of her eye to fool optical scanners, and it worked in testing, the DARPA folks have figured that one out long ago. Pictures have been used to beat facial recognition systems as well. This takes it well beyond the gummy bear finger print spoofer the Japanese Professor taught his students to beat finger print readers. It also should be remembered that vendors of finger print readers have already had liveness tests for their reader. Most did what this article talks about, looking for body heat and even blood flow in the finger using the reader. It turns out a little moisture on the gummy bear type of attack, lets the finger print reader, see the persons finger pressing down the gummy bear as a live finger print. So that one has been beat already. Now vendors will tell you that they can eliminate or at least cut down these fraudulent attempts at beating their systems, and they can to some extent, but when they put the bio-metric readers at a high enough, for lack of a better term sensitivity, they tend to not let people it should in, and that causes the system users to reduce sensitivity, so more people can actually use the systems. In one system test for a government agency they reduced the fault rate as they are called enough, that a number of my employees could enter the system under one persons bio metric signature. Which since it is mainly a time and attendance system, it was not a huge security risk.
from CTI Consulting

No comments:

Post a Comment