We didn’t post anything about the fingerprint deal? Seriously? We’re getting slow.
Japanese cryptographer Tsutomu Matsumoto has figured out a way to defeat a fingerprint reader about 80% of the time. “Using his crazy super-cryptographer skills!”, you say. No, not really. It’s all about the Gummi Bears:
First Tsutomu Matsumoto used gelatine (as found in Gummi Bears and other sweets) and a plastic mould to create a fake finger, which he found fooled fingerprint detectors four times out of five.
Flushed with his success, he took latent fingerprints from a glass, which he enhanced with a cyanoacrylate adhesive (super-glue fumes) and photographed with a digital camera. Using Photoshop, he improved the contrast of the image and printed the fingerprint onto a transparency sheet.
Here comes the clever bit.
Matsumoto took a photo-sensitive printed-circuit board (which can be found in many electronic hobby shops) and used the fingerprint transparency to etch the fingerprint into the copper.
The PCB kit is used to turn a latent print into a 3D image to be used as a mold for your Gummi fingerprint. You could even put it over your own finger to conceal it with a guard watching, then eat the delicious evidence once you’re past the scanner. Not even James Bond got a break-in tool that doubled as a snack.
“Crazy Aaron” makes a pretty good point on why biometrics are not the end-all of security tools:
If someone rips off a password of yours, you can change it. If someone steals your credit card, you can cancel it. Lost a key? Change your locks.
But if someone figures out a way to duplicate your fingerprint or voiceprint or retinal or iris ID, there’s nothing you can do. Well, OK, you can switch to a different finger or a different eye, but nature puts certain hard limits on how many times you can do that. Once you’re out of organs, you’re out of luck.
The limited number of biometrics each person carries around with them also makes it impossible to have a large number of different biometric keys.
So here’s a twist: IBM has recently used the advertising equivalent of the Nuclear Option, $6M Lee Majors, to tout their new notebook with integrated fingerprint scanner. The fingerprint scanner ties into a password keyring that lets you log into your machine, websites, you name it. So suppose I steal your laptop. With an ordinary laptop, I would have a hard time getting into your stuff because I don’t have the passwords. If I steal your ThinkPad, though, I do have your password in the form of the latent prints you left on the lid, the CD drive, and every key on the keyboard. D’oh!