In 2008, the then German interior minister, [Wolfgang Schäuble] had his fingerprint reproduced by members of the German Chaos Computer Club, or CCC, and published on a piece of plastic film distributed with their magazine. [Schäuble] was a keen proponent of mass gathering of biometric information by the state, and his widely circulated fingerprint lifted from a water glass served as an effective demonstration against the supposed infallibility of biometric information.
It was reported at the time that the plastic [Schäuble] fingerprint could fool the commercial scanners of the day, including those used by the German passport agency, and the episode caused significant embarrassment to the politician. The idea of “spoofing” a fingerprint would completely undermine the plans for biometric data collection that were a significant policy feature for several European governments of the day.
It is interesting then to read a paper from Michigan State University, “RaspiReader: An Open Source Fingerprint Reader Facilitating Spoof Detection” (PDF downloadable from the linked page) by [Joshua J. Engelsma], [Kai Cao], and [Anil K. Jain] investigates the mechanism of an optical fingerprint reader and presents a design using the ever-popular Raspberry Pi that attempts to detect and defeat attempts at spoofing. For the uninitiated is serves as a fascinating primer on FTIR (Frustrated Total Internal Reflection) photography of fingerprints, and describes their technique combining it with a conventional image to detect spoofing. Best of all, the whole thing is open-source, meaning that you too can try building one yourself.
If [Cao] and [Jain] sound familiar, maybe it’s from their Samsung Galaxy fingerprint hack last year, so it’s neat to see them at work on the defense side. If you think that fingerprints make good passwords, you’ve got some background reading to do. If you just can’t get enough fingerprints, read [Al Williams]’ fundamentals of fingerprint scanning piece from earlier this year.
Via Hacker News.
Picture is a sample for developing detect-chopped-of-finger algorithms.
Or for identifying Raynaud’s phenomenon or similar vasculitides.
First glance I thought this said “detect-chopped-off-finger”.
Is white LED light really feasible?
Wouldn’t several monochromatic LEDs combined with a B/W camera be better?
One would think he would naturally be an opponent after pointing out all the flaws with biometrics. Maybe he is a keen proponent because he plans on committing crimes and framing other people for it. ;)
> [Schäuble] was a keen proponent of mass gathering of biometric information […]
He still is, he still is. Now he’s finance minister, which means that he can cause damage in other places too.
> and the episode caused significant embarrassment to the politician.
This, OTOH, isn’t accurate. Whereas the episode caused some media splash (and was pretty amusing in itself), Schäuble was not in the least embarrased. He has been in thicker things (having been caught once taking an envelope from a very dubious international arms dealer, which put Schäuble out of business for a while).
Middle finger says liver dysfunction.
I think the middle finger says a lot more than that.
I wonder could a biometric scanner be fooled by data from security breaches, like the 5.6 million fingerprints in the US (2015).
https://en.wikipedia.org/wiki/United_States_Office_of_Personnel_Management#2015_Data_Breach
Why bother with this? It only means an unending game played back and forth.. finger print readers that cannot be spoofed with current spoofing methods followed by new spoofing methods followed by new readers followed by…
At the end of the day a finger print is still a ‘password’ that one leaves on everything they touch and still cannot change once it’s compromised. Biometrics are a bad idea that people keep just throwing money at. If people really want the convenience of built-in authentication then they might as well just give up and embrace implantable (and programmable) RFID chips.
I would love to get a couple of RFID implants.. one that is a copy of my keycard to the door at my workplace, the other for the hackerspace I go to.
Sounds good until someone running that scanner decides that “your” kind of people aren’t allowed to do something that you want to do. Equally bad, the system doing the RFID recognition is compromised. Suddenly doors are very literally closed in your face. Ask the people who have been improperly declared “dead” how easy it is to cope.
obligatory Monty Python:
https://www.youtube.com/watch?v=GU0d8kpybVg
I think the reason to use biometrics is to make sure they track YOU specifically, it’s more for advertisers and ‘security services’ than it is for the actual user.
Typical, real life shows what happens when politicians get their hands on stuff like that, CCC stops it, goddamn university morons try to start it up again.
Maybe CCC needs a ninja division.