Steve Riley mentions a piece done in the new series of Mythbusters, the Discovery Channel show, on his blog.  We have all heard of security-conscious organisations that decide to use thumb/fingerprint readers to secure their computer rooms, etc.  We’ve also heard the urban legends ("myths") that said systems can be cracked pretty easily.

Well, it appears they can!  The Mythbusters crew successfully lifted a fingerprint from the reader and made latex and ballistics gel copies of it.  Using these (the latex sheet needed to be licked to work) they were able to successfully fool the reader.  This was despite the manufacturer claiming that the reader checked pulse, sweat and temperature.  Worse again, they even beat it with a photocopy of a fingerprint.

As Steve mentions in his blog, biometrics by themselves are not a secure authentication mechanism.  Secure authentication requires two factors, such as "what you have" (biometric, smart card, etc) and "what you know" (passphrase, PIN, etc).  Either one by itself can be easily compromised, but together they are pretty secure.

So, the lesson here is, if your company uses fingerprint readers then you don’t need to worry about your finger being chopped off by attackers … it’s much easier to lift the print at the scene.

