It is amazing how quickly you get used to a car that starts as long as you have the key somewhere on your person. When you switch vehicles, it becomes a nuisance to fish the key out and insert it into the ignition. Biometrics aims to make it even easier. Why carry around a key (or an access card), if a computer can uniquely identify you?
[Alexis Ospitia] wanted to experiment with vein matching biometrics and had good results with a Raspberry Pi, a web cam, and a custom IR illumination system. Apparently, hemoglobin is a good IR reflector and the pattern of veins in your hand is as unique as other biometrics (like fingerprints, ear prints, and retina vein patterns). [Alexis’] post is in Spanish, but Google Translate does a fine job as soon as you realize that it thinks “fingerprint” is “footprint.” The software uses OpenCV, but we’ve seen the same thing done in MATLAB (see the video below).
Continue reading “Getting Biometrics in Hand”
Who uses keys these days, really? Introducing the world’s first(?) biometric secured golf cart. Gives “push to start” a whole new meaning!
[Ramicaza] lives in a small community where many families (including his!) use golf carts to commute short distances, like to the grocery store, or school. Tired of sharing a key between his parents and siblings, [Ramicaza] decided to soup up his ride with a fingerprint sensor allowing for key less start.
He’s using an ATtiny85 and a GT511-C1 finger print sensor from SparkFun. After throwing together a circuit on a breadboard and testing the concept he went straight to a PCB prototype for install in the cart. What we really like is the case he integrated into the golf cart’s dash. It features a flip-up lid which turns the circuit on when it is opened, and off when it is closed to save battery. Scan your finger and a relay triggers the ignition allowing you to drive away.
Continue reading “Biometric Secured Golfcart Allows For Keyless Start”
We’re not sure how scientific the following hack is, but it’s certainly interesting. Designer [Samuel Matson], interested in the correlation between gaming and stress, has pieced together a device that provides biofeedback during gameplay. He referenced this /r/gaming thread—which measured a player’s heart rate during a Halo session—as well as conducted his own tests that monitored the heart rate of gamers. After several iterations, [Samuel] had the above-pictured headset, which features the familiar and hackable pulse sensor placed by the earpiece.
The headset uses a TinyDuino and a Bluetooth TinyShield to communicate to the gamer’s computer in real time. He didn’t stop with simply monitoring heart rates, however; he integrated the signal into the game design. [Samuel] used indie-favorite game engine Unity3d to create a third-person shooter that reacts to the pulse sensor by raising the difficulty level when the player’s heart rate increases. It seems that his goal is to reduce or control stress among players, but we suspect inverting the model may be more effective: have the game cut you some slack when you’re stressed and present a challenge when you’re mellow.
We’ve seen some ways to bypass biometric security measures but here’s a new offering that we think will be hard to fool. The Safelock system is used in conjunction with a password to identify a specific user. This software records your typing style including the time between keystrokes, the time keys are held, and key pressure data. This information is then normalized and compared to the information stored about the user when the password was originally set. If you don’t fall within specifications that match the stored data, you won’t get in even with the right password.
The icing on the cake is that Safelock will look for malicious users. If you enter the wrong password, it will begin to record and analyze your typing style. If you make enough incorrect attempts you will be labeled as a security threat and locked out of the system altogether. We can only think of one reliable way to circumvent this and that’s using a man-in-the-middle method of recording the keyboard inputs of the legitimate user for playback later.
This is an innovative user identification system and we’re not the only ones that think so. [Jeff Allen] and [John Howard], students at SMU won first prize for the Student Innovation Contest at the 2009 User Interface Software and Technology Symposium.
One of the more novel talks we saw at Defcon was [Zac Franken] presenting on access control systems. He covered several different types, but the real fun was his live demo of bypassing a hand geometry scanners like the one pictured above. With the help of two assistants, 4 pounds of chromatic dental alginate, and 5 liters of water, he made a mold of his hand. The box he placed his hand in had markings to show where the pegs on the scanner are located. After 2 minutes he could remove his hand from the cavity. They then filled the mold with vinylpolysiloxane, making sure to remove all bubbles. 20 minutes later the hand was solid and passed the scanner’s test. This may not be a completely practical attack, but it does defeat the overall idea of biometrics; biometrics are built on the assumption that every person is unique and can’t have their features reproduced.
[Zac] also showed an interesting magnetic card spoofer that emulated all three tracks using coils of magnet wire. We hope to see more about that in the future.