Bypassing Biometric Security Devices
Posted March 9th, 2009 by Carrie Davis
Biometrics - the science of using our unique personal characteristics to confirm our identities - is no doubt cool. The slick technology has captured our imaginations in movies like Minority Report, Gattaca, and National Treasure, to name a few. But these same movies also point out biometrics’ vulnerabilities.
In Minority Report, for instance, Tom Cruise bypasses the retinal scanners placed throughout the city by undergoing eyeball replacement surgery (drastic but effective). In Gattaca, Ethan Hawke uses the hair, skin, and blood of another human being to trick the frequently administered “gene tests.” And Nicholas Cage in National Treasure gains access to the Declaration of Independence by pulling a thumbprint off of a champagne glass and using it to bypass a fingerprint scanner.
Breaking through biometrics in real life
The guys on MythBusters wanted to try and break through a biometric system in real life (check out the video below). They successfully unlocked a door equipped with a fingerprint scanner. They first covertly stole a fingerprint of an authorized user, then re-created it using three different methods: latex, ballistics gel, and a photocopier. All three methods worked. (The key was licking them to simulate sweat.)
Facial recognition technology can be manipulated as well. Duc Nguyen demonstrated this at February’s Black Hat Conference in Virginia by waving a photo in front of the scanner. You can either take a picture yourself, or snag one off of a social networking site like Facebook. Quality and resolution don’t matter, says Nguyen. Simulate eye movement by moving the picture in front of the camera, and voila, access granted.
It’s not always quite this simple, but you get the idea. No matter how high-tech the security system, it can be bypassed with enough time, money, or talent. We continue to create more advanced security measures, and hackers continue to rise to the challenge. It’s a never ending game of cat-and-mouse.
Multiple security methods
Just because it can be bypassed, though, doesn’t mean we should abandon biometrics as a useful security measure. Pair the technology with strong password protection, for instance, to create a double layer of security. While a little more inconvenient for the user, dual-security measures give even the best hackers a run for their money.
Combining biometrics with token authentication offers even more security. For instance, a company could embed laptops containing sensitive information with fingerprint scanners, and supply employees with RSA SecureIDs that are matched to their unique fingerprints. To log in to the laptop, employees swipe their finger on the reader, and upon a successful fingerprint match, a tokencode is generated on the SecureID. They type in the tokencode to gain access.
Of course, a system like this isn’t cheap, and it requires maintenance. It’s up to each individual or corporation to decide how valuable their data is, and how much time and money they should spend to protect it.
Posted in
- Login to post comments
My Account | Contact Us | Write For Us | About Us | Sitemap | Answers
Email Options | Privacy Policy | Terms & Conditions
Copyright © 2002-2009 SpendOnLife.com. All Rights Reserved.
Comments
Wow... This is a nice video
Submitted on April 30th, 2009 by ACS chennai (not verified)Wow... This is a nice video showing how they bypass the biometric system...
Roshid
The Myth Busters beat a scan
Submitted on July 8th, 2009 by Visitor (not verified)The Myth Busters beat a scan of a fingerprint, this is not biometrics.
Bio meaning living and metrics meaning measurement thus a living fingerprint must be used for both recognition and verification of the enroll recognized print. The unit I refer to it uses the Four biological markers of pulse, blood pressure, body temperature, and the capillary patterns in the skin, as well as a proprietary "3 Dimensional Scan Technology" to verify your fingerprint two ways. The ridges of the print itself, AND the DEPTH of the valleys BETWEEN the ridges. This is known as Live Fingerprint Identification.
I doubt the Myth Busters could fool this type of technology. Even if they cut the finger from the user and tried to enter, with no pulse blood pressure or temperature. apex fingerprint security has further information. Technology is moving at the speed of light, not be left in the past.
Regards
Ollie
checks blood pressure, temperature and pulse, plus scans the ridge patterns along with the depth of the valleys between those ridges
Thanks for expanding on this
Submitted on July 9th, 2009 by Carrie DavisThanks for expanding on this topic Ollie. I don't know that the MythBusters team would have been able to break past a more advanced biometric system that measured a fingerprint 3 dimensionally. I can only imagine how expensive a biometric lock like that must cost, and how valuable the goods on the other side of it might be worth!
True, however it has been
Submitted on February 23rd, 2010 by Visitor (not verified)True, however it has been demonstrated that livescan devices can also be fooled with a bit more effort and planning. A japanese scientist recently fooled several commercial devices with livescan technology, by creating fingertip molds from gelatin (similar to the basis for gummy candies). The texture, resistence, and moisture worked. By using a thin mold placed over his own live finger, he was able to fool the systems that required pulse or body heat.
I don't think we can still
Submitted on March 11th, 2010 by Elizamp (not verified)I don't think we can still rely on that kind of security devices. That video shows well how hackers work to fool several companies and these security devices can be truly inconvenient in some other way not just in terms of its security method, but in our health too. These are possibly created through integration of different beams and people may need to touch these radars over and over again that can terribly lead to health problems.