Researcher gives biometric readers the finger

News

Researcher gives biometric readers the finger

A Japanese researcher has demonstrated that some biometric fingerprint readers can often be fooled into granting access to unauthorised users with a few pounds-worth of household supplies and a little ingenuity.

Tsutomu Matsumoto - who is affiliated with the Graduate School on Environment and Information Sciences at Yokohama National University in Japan - gained unauthorised access with the aid of a fake finger moulded out of gelatin.

Matsumoto used the finger on 11 different biometric scanners and gained access 80% of the time, he claimed.

His next experiment involved drawing latent fingerprints from a piece of glass and adding those prints to the gelatin finger. After lifting the fingerprint from the glass, he enhanced it, photographed it and tweaked the image in Adobe Photoshop.

Matsumoto then printed the fingerprint image onto a transparency sheet and had it etched into a photosensitive circuit board. The print on the circuit board was then applied to the gelatin finger. This technique also allowed access about 80% of the time.

The data seems to contradict the claims of companies that sell biometric authentication systems. They have said biometrics is one of the hardest security methods to crack because of the reliance on the unique physical characteristics of users. Matsumoto, however, appears to have proved them wrong.

Matsumoto posted his discoveries online, but Bruce Schneier, who also broke the news in his Crypto-Gram e-mail newsletter, said, "If he could do this, then any semi-professional can almost certainly do much, much more.

"All the fingerprint companies have claimed for years that this kind of thing is impossible. When they read Matsumoto's results, they're going to claim that they don't really work, or that they don't apply to them, or that they've fixed the problem. Think twice before believing them."

Matsumoto's presentation is available online at
www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy