We have a love-hate relationship with biometric ID. After all, it looks so cool when the hero in a sci-fi movie enters the restricted-access area after having his hand and iris scanned. But that’s about the best you can say about biometric security. It’s conceptually flawed in a bunch of ways, and nearly every implementation we’ve seen gets broken sooner or later.
Case in point: prolific anti-biometry hacker [starbug] and a group of friends at the Berlin CCC are able to authenticate to the “Samsung Pay” payment system through the iris scanner. The video, embedded below, shows you how: take a picture of the target’s eye, print it out, and hold it up to the phone. That was hard!
Sarcasm aside, the iris sensor uses IR to recognize patterns in your eye, so [starbug] and Co. had to use a camera with night vision mode. A contact lens placed over the photo completes the illusion — we’re guessing it gets the reflections from room lighting right. No etching fingerprint patterns into copper, no conductive gel — just a printout and a contact lens.
Wireless storage and biometric authentication are both solved problems. But as [Nathan] and [Zhi] have noticed, there is no single storage solution that incorporates both. For their final project in [Bruce Land]’s ECE 4760, they sought to combine the two ideas under a tight budget while adding as many extras as they could afford, like an OLED and induction coil charging.
Their solution can be used by up to 20 different people who each get a slice of an SD card in the storage unit. There are two physical pieces, a base station and the wireless storage unit itself. The base station connects to the host PC over USB and contains an Arduino for serial pass-through and an nRF24L01+ module for communicating with the storage side. The storage drive’s components are crammed inside a clear plastic box. This not only looks cool, it negates the need for cutting out ports to mount the fingerprint sensor and the OLED. The sensor reads the user’s credentials through the box, and the authentication status is displayed on an OLED. Files are transferred to and from the SD card over a second nRF24L01+ through the requisite PIC32.
Fingerprint authorization gives the unit some physical security, but [Nathan] and [Zhi] would like to add an encryption scheme. Due to budget limitations and time constraints, the data transfer isn’t very fast (840 bytes/sec), but this isn’t really the nRF modules’ fault—most of the transmission protocol was implemented in software and they simply ran out of debugging time. There is also no filesystem architecture. In spite of these drawbacks, [Nathan] and [Zhi] created a working proof of concept for wireless biometric storage that they are happy with. Take a tour after the break.
Researchers [Christian Holz] and [Marius Knaust] have come up with a cool new way to authenticate you to virtually any touchscreen device. This clever idea couples a biometric sensor and low-data-rate transmitter in a wearable wrist strap that talks to the touch screen by electrifying you.
Specifically, the strap has electrodes that couple a 50V, 150kHz signal through your finger to the touchscreen. The touchscreen picks up both your finger’s location through normal capacitive-sensing methods and the background signal that’s transmitted by the “watch”. This background signal is modulated on and off, transmitting your biometric data.
The biometric data itself is the impedance through your wrist from one electrode to another. With multiple electrodes encircling your wrist, they end up with something like a CAT scan of your wrist’s resistance. Apparently this is unique enough to be used as a biometric identifier. (We’re surprised.)
It is amazing how quickly you get used to a car that starts as long as you have the key somewhere on your person. When you switch vehicles, it becomes a nuisance to fish the key out and insert it into the ignition. Biometrics aims to make it even easier. Why carry around a key (or an access card), if a computer can uniquely identify you?
[Alexis Ospitia] wanted to experiment with vein matching biometrics and had good results with a Raspberry Pi, a web cam, and a custom IR illumination system. Apparently, hemoglobin is a good IR reflector and the pattern of veins in your hand is as unique as other biometrics (like fingerprints, ear prints, and retina vein patterns). [Alexis’] post is in Spanish, but Google Translate does a fine job as soon as you realize that it thinks “fingerprint” is “footprint.” The software uses OpenCV, but we’ve seen the same thing done in MATLAB (see the video below).
Who uses keys these days, really? Introducing the world’s first(?) biometric secured golf cart. Gives “push to start” a whole new meaning!
[Ramicaza] lives in a small community where many families (including his!) use golf carts to commute short distances, like to the grocery store, or school. Tired of sharing a key between his parents and siblings, [Ramicaza] decided to soup up his ride with a fingerprint sensor allowing for keyless start.
He’s using an ATtiny85 and a GT511-C1 fingerprint sensor from SparkFun. After throwing together a circuit on a breadboard and testing the concept, he went straight to a PCB prototype for install in the cart. What we really like is the case he integrated into the golf cart’s dash. It features a flip-up lid which turns the circuit on when it is opened, and off when it is closed to save battery. Scan your finger and a relay triggers the ignition, allowing you to drive away.
We’re not sure how scientific the following hack is, but it’s certainly interesting. Designer [Samuel Matson], interested in the correlation between gaming and stress, has pieced together a device that provides biofeedback during gameplay. He referenced this /r/gaming thread—which measured a player’s heart rate during a Halo session—as well as conducted his own tests that monitored the heart rate of gamers. After several iterations, [Samuel] had the above-pictured headset, which features the familiar and hackable pulse sensor placed by the earpiece.
The headset uses a TinyDuino and a Bluetooth TinyShield to communicate to the gamer’s computer in real time. He didn’t stop with simply monitoring heart rates, however; he integrated the signal into the game design. [Samuel] used indie-favorite game engine Unity3d to create a third-person shooter that reacts to the pulse sensor by raising the difficulty level when the player’s heart rate increases. It seems that his goal is to reduce or control stress among players, but we suspect inverting the model may be more effective: have the game cut you some slack when you’re stressed and present a challenge when you’re mellow.
We’ve seen some ways to bypass biometric security measures but here’s a new offering that we think will be hard to fool. The Safelock system is used in conjunction with a password to identify a specific user. This software records your typing style including the time between keystrokes, the time keys are held, and key pressure data. This information is then normalized and compared to the information stored about the user when the password was originally set. If you don’t fall within specifications that match the stored data, you won’t get in even with the right password.
The icing on the cake is that Safelock will look for malicious users. If you enter the wrong password, it will begin to record and analyze your typing style. If you make enough incorrect attempts you will be labeled as a security threat and locked out of the system altogether. We can only think of one reliable way to circumvent this and that’s using a man-in-the-middle method of recording the keyboard inputs of the legitimate user for playback later.
This is an innovative user identification system and we’re not the only ones that think so. [Jeff Allen] and [John Howard], students at SMU, won first prize for the Student Innovation Contest at the 2009 User Interface Software and Technology Symposium.
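The keystroke-timing check described above, sketched as an added example that is not Safelock's own code: it builds a template from hold times and press-to-press gaps, then accepts an attempt only if the password matches and the rhythm falls within tolerance. The z-score metric, the 2.0 threshold, the three-failure lockout and all sample timings are assumptions made here, and key pressure is left out.

```python
import hmac
from statistics import mean, stdev

def typing(word, holds, gaps):
    """Build constructed key events (key, press_ms, release_ms) for a typed word."""
    events, t = [], 0
    for i, key in enumerate(word):
        events.append((key, t, t + holds[i]))
        t += gaps[i] if i < len(gaps) else 0
    return events

def features(events):
    """Hold time of each key, then the press-to-press gap between neighbours."""
    holds = [rel - prs for _, prs, rel in events]
    gaps = [b[1] - a[1] for a, b in zip(events, events[1:])]
    return holds + gaps

def enroll(samples):
    """Per-feature (mean, stdev) over the enrollment typings; stdev floored at 5 ms."""
    return [(mean(c), max(stdev(c), 5.0)) for c in zip(*map(features, samples))]

def score(template, events):
    """Mean absolute z-score: how far the attempt sits from the enrolled rhythm."""
    return mean(abs(x - m) / s for x, (m, s) in zip(features(events), template))

class Verifier:
    def __init__(self, password, template, threshold=2.0, max_failures=3):
        self.password, self.template = password, template
        self.threshold, self.max_failures, self.failures = threshold, max_failures, 0

    def attempt(self, events):
        if self.failures >= self.max_failures:
            return "locked"
        typed = "".join(key for key, _, _ in events)
        # Plaintext compare keeps the sketch short; a real system stores a password hash.
        if hmac.compare_digest(typed.encode(), self.password.encode()) \
                and score(self.template, events) <= self.threshold:
            self.failures = 0
            return "accepted"
        self.failures += 1
        return "locked" if self.failures >= self.max_failures else "rejected"

# Constructed sample data: three enrollment typings of "pass", then two attempts.
ENROLLMENT = [typing("pass", [90, 100, 80, 95], [150, 200, 120]),
              typing("pass", [95, 105, 85, 90], [160, 190, 130]),
              typing("pass", [85, 95, 75, 100], [140, 210, 110])]
TEMPLATE = enroll(ENROLLMENT)
GENUINE = typing("pass", [92, 98, 83, 94], [155, 195, 125])
IMPOSTOR = typing("pass", [60, 60, 60, 60], [300, 300, 300])  # right password, wrong rhythm
```

The impostor attempt carries the correct password and is still rejected, which is the property the post highlights; the threshold trades false rejects of the real user against false accepts.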