New Fingerprint Scanner Will Stop Some "Hacks"

In the Huffington Post this morning, I found an article about a fingerprint scanner being tested by Nexus USA in a South Dakota college. "Rejoice!" the writers seemed to say. "They can no longer cut off your hand to steal your information!"

Um.... Folks, that wasn't the real-world security risk. You're just making people think that it only applies to extreme situations. It doesn't.

Hackers have been able to create fake fingers and gelatine molds of fingerprints to fool scanners for a very long time. A false finger is just what it sounds like - a finger made in a mold that can be used to fool a scanner. A false fingerprint can be made using a simple photograph of someone's fingerprint, a few supplies, and three to five hours of work.

The false fingerprint isn't as 'high-tech-sexy' as the movie versions of false fingerprints. It's not a thin layer of what looks like wax that you peel off and no one could tell you had. It looks like a dot of ballistics gel that you stick on the end of your finger. The problem is that it works to get past scanners, with only a little practice.

The easiest - and most commonly used - method of stopping someone from hacking a scanner is to have a human stationed near any scanners that require them. Network Security textbooks clearly state that there is no replacement for alert, ethical, human security. Electronic locks and other devices can be hacked in a variety of ways, but most depend on having uninterrupted access for a few minutes.... And that access sometimes includes removing faceplates.

Humans, sadly, can be inattentive or bribed. We are, in a different way, just as unreliable as computer security. But, even an inattentive guard will generally sit up and take professional offense if you pull out your screwdriver and start pulling off parts of his security system. He or she might not notice a bit of gelatine on the tip of someone's finger, or the finger that was pulled from a pocket and pressed to the plate.

Will this technology stop the false finger and fingerprint methods? The false finger will be stopped. There is no pulsing, living heartbeat behind it. The gelatine fingerprint, on the other hand, has an actual fingertip behind the false fingerprint. Depending on the thickness of the false print, the sensitivity of the equipment, and how much it allows to account for things like low blood pressure or poor circulation?

That's will require actual testing to determine.

For the original Huffington Post article.

Comments