The Narcisystem

March 28, 2009 by Caleb Kraft 18 Comments

biometric

The Narcisystem is part of an art display where [Eric] strapped himself to as many biometric sensors as he could. The core of the system was a Funnel IO which includes an Arduino, Xbee plug, and LiPo charging circuit. It was collecting data from a heart rate monitor, an EEG, a breathalyzer, compass, and an accelerometer. This data was sent to a laptop and then sent to different displays. You can see the setup functioning in a video after the break. The red flashes are his heart beat, the blue light is the direction he’s facing. What you can’t see is the high power bass thud every time he takes a step. The EEG data was supposed to effect the tempo of the music, but it failed and was dropped, as was the fog machine based on his blood alcohol level. He notes that he wanted to do more, but was lacking the hardware.

Continue reading “The Narcisystem” →

Biometric Locks Turned Trojan

August 15, 2008 by Caleb Kraft 9 Comments

In the same vein as our recent Defcon article on biometric cloning, White Wolf Security has released this article about turning a biometric door lock into a trojan. They note that there are many common ways to break into one, from harvesting fingerprints to using gummy bears to fake a finger. This hack involves having full access to the unit so you can disassemble it.

The unit has a system built-in where you can touch a 9-volt battery to some connectors on the bottom to power it in case of a building power failure. The researchers simply routed some wires from the motorized lock to the plates used for the 9-volt and then reassembled the lock. The door can then be opened at any time without verification, even if the software on the unit is reset.

[Thanks, dwight]

Defcon 16: Biometric Cloning

August 14, 2008 by Eliot 7 Comments

One of the more novel talks we saw at Defcon was [Zac Franken] presenting on access control systems. He covered several different types, but the real fun was his live demo of bypassing a hand geometry scanners like the one pictured above. With the help of two assistants, 4 pounds of chromatic dental alginate, and 5 liters of water, he made a mold of his hand. The box he placed his hand in had markings to show where the pegs on the scanner are located. After 2 minutes he could remove his hand from the cavity. They then filled the mold with vinylpolysiloxane, making sure to remove all bubbles. 20 minutes later the hand was solid and passed the scanner’s test. This may not be a completely practical attack, but it does defeat the overall idea of biometrics; biometrics are built on the assumption that every person is unique and can’t have their features reproduced.

[Zac] also showed an interesting magnetic card spoofer that emulated all three tracks using coils of magnet wire. We hope to see more about that in the future.

[photo: morgan.davis]