Not Surprised
The Mythbusters did a piece on fooling fingerprint readers a few years ago. They confirmed it is not very difficult to fool a fingerprint reader.
Boffins from Michigan State University have loaded up an inkjet printer with cartridges designed for printing electronic circuits, and used the output to fool smartphone fingerprint sensors. All that's needed is a scan of the victim's fingerprint (reversed so it presents the right way when printed), and a suitable inkjet …
The more tricky you get with stuff like veins and blood flow the greater the number of false negatives which will make for a frustrating user experience. Easier to just implant a chip in your finger and be done with it.
Devil icon (or closest thing to it) since I just suggested a special mark you must have before you're allowed to buy or sell!
Chip in finger is no solution
Oh boy. I'll have to start from scratch here.
Some fingerprint scanners use radio technology to scan for ridges - they read fingerprints. They are fed a HF signal which is absorbed by your finger (if attached to your body) and the rate of absorption is modulated by print ridges passing over that specific transmission point. Put a bunch of these in a row and you have a scanner that only gives you a read if the body passing over the transmission is sufficiently large to absorb the signal. This stops the use of fingers with one previous owner.
Sticking a chip in a finger has (as far as I know) not yet happened because there isn't that much vacant space in a finger, as opposed to, say, cranial space in politicians or (apparently) rectal space in returning prisoners after removal of phones and chargers.
Biometrics are by definition observable and something you are so can't fulfill the concept of something you know like a password. In some ways that makes them worse choices because you can't just change them if they get stolen and they can get lost if you have to bandage up your digit due to an injury. Some materials actively erode the ridges (things like pineapple or beer believe it or not) so people working in certain industries can have trouble getting something unique anyway.
But if you consider them like a 2FA rather than an authentication in their own right, it is better than what it replaces. PINs can be viewed by people standing behind you. Whilst lifting a fingerprint off a surface is reasonably trivial, you also need the device. A fingerprint door latch for example could be argued as insecure, but is it less secure than the pin and tumbler it replaced?
What can you do to defend against a printed fingerprint? Look at vein structure and heat as well?
There's radio based tech which uses body mass as drain. That won't register unless there is a sufficiently large watery mass attached to the finger to drain energy and as it is proximity based you get a 3D depth read of finger details. That's why you should not press hard on a fingerprint reader, you cause plastic distortion of the details and end up with a false read.
"What can you do to defend against a printed fingerprint? Look at vein structure and heat as well?"
If I recall correctly it's Fujitsu who indeed has a chip that reads vein patterns, but that's not a fingerprint reader but a palm scanner. I haven't read up on that chip (too many other things to do) but I think it takes too much power for mobile use, and it's a bit tricky to use as it reads a palm from a fixed distance (5 to 10 cm if I'm not mistaken). I do recall that the amount of data it read was so large that there was a separate company writing software for matching such scans because the time between reading and matching a scan (for instance, to open a door) was too long.
It's been a while, though, things may have moved on. It's quite interesting tech but I agree with some other people here that badly implemented use of any biometrics is worth avoiding.
September 22, 1986 MacGyver demonstrated unlocking a hand print scanner by using a latent handprint. He sprinkled some ground up wall paint onto it and used his jacket to press down the plate... Even in the late 1990s some fingerprint scanners were vulnerable to the same attack... though you had to breathe onto them to get some moisture for it to work.
Biometrics is one of those things that can be logically deduced to be unsuitable for authentication. Your biometric key is not changeable (unlike a password), it cannot be read 100% accurately so you cannot deviate keys from it (imagine a password prompt with auto correct!), and it's impossible to keep secret.
The problem with the camera based readers is that they pretty much work on a picture match. Reproduce the picture and away you go.
I've worked with all sorts of biometric readers (as a matter of fact, I may still have the original gummy fingers hardcopy somewhere, kindly sent to me by Tsutomu Matsumoto) and there is a MASSIVE variation in the quality of these with a very simple deciding factor: price. There is one particular reader made in the US which is actually quite good, it's a "ridge" that you move your fingers over (this style has been used in some laptops for a while, it looks like a gold coloured line). It contains an array of "pins" which each act as small antennae and represent a pixel in the read. A fingerprint ridge passing a pin drains some of its energy, so a full line acts like your average scanner. It has multiple parallel lines so you can detect direction and validate a read.
Not only does the line design ensure you don't leave a handy latent print to use by a 3rd party (one of the major issues with shiny smartphones in general), but as the pins act as radio beacons it only gets a good read if there is actually a whole body attached to the finger in question. It could probably still be a dead body but I didn't test that as tourist season had already ended :).
We've thrown practically anything at that reader (including said gummi fingers, that's why I had the paper) and it rejected it all.
Resolution matters too. Reproducing a fingerprint in gummi is a relatively low resolution affair, but it matches enough data to give you a fighting chance. As soon as you elevate resolution it becomes harder to fool the reader, but you also increase the need for error correction as fingers are not always that clean. There's also the issue of sensitivity in general - some people have practically no ridges and it then becomes a signal to noise battle to pick up anything at all.
In summary, it can be done better but if you're looking at mobile phones, every dollar extra amounts to quite a total investment on the total volume. In the battle of risk versus cost, it appears the reader lost.
A smartphone with a fingerprint sensor is a gadget with another gadget, and once again, you get what you pay for.
That being said, I'm not a big fan of biometrics. The data has to be stored, and once it gets compromised, you'd have to change your password biometrics to be secure. But no biggie, eyeballs grow back, don't they?
Not quite. Whoever stores your data so it can be replayed elsewhere is better off taking up gardening instead of IT. The best use of biometrics to YOUR benefit should:
a - store the biometrics locally, so they're only used for access control to whatever secret is held (which could be anything from a secure password to a digital certificate for a VPN or access control). This also means no need for central Big Brother databases that risk everyone when compromised;
b - store the biometric as a salted hash, so it's one way only and not usable when injected into another, similar device.
(edit: this is actually how iPhones implement biometrics as well, but their reader really needs to be improved).
Depending on application you can influence the hash by adding a PIN of sorts and so move to 3 factor (something you have/are/know).
The main challenge is armour for the local storage. Not only does that need to be cryptographically secure, but it also needs measures against side channel attacks and against determined people physically shaving down chips until they get to the electronics (this is how satellite cards get analysed).
However, whatever security measures you use, never forget that someone may choose to use a more direct route.
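An added illustration of points (a) and (b) of this post, not code from the post or from any product: because a fresh reading never matches the enrolled one bit for bit, the toy below binds a random key to the template with a fuzzy commitment (repetition code plus XOR helper data, my choice of technique, not the commenter's), and stores only a salted hash of that key together with the PIN, so the device holds nothing that can be replayed elsewhere. The template bits, the flipped positions and the PIN are constructed sample values.

```python
import hashlib
import os
import secrets

REP = 5  # repetition factor: majority vote tolerates up to 2 flipped bits per group of 5


def encode(key_bits):
    """Repetition-code encode: every key bit becomes REP copies."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority-vote decode back to key bits (corrects noise in the reading)."""
    return [int(sum(code_bits[i:i + REP]) * 2 > REP)
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def commit_hash(key_bits, pin, salt):
    """One-way, salted: knowing this digest does not give back key or template."""
    return hashlib.sha256(salt + bytes(key_bits) + pin.encode()).hexdigest()


def enroll(template_bits, pin):
    """Stores helper data plus a salted hash; the template itself is never stored."""
    key_bits = [secrets.randbits(1) for _ in range(len(template_bits) // REP)]
    salt = os.urandom(16)
    helper = xor(encode(key_bits), template_bits)
    return {"salt": salt, "helper": helper, "digest": commit_hash(key_bits, pin, salt)}


def verify(record, reading_bits, pin):
    """Reading XOR helper = codeword XOR noise; decode, then recompute the hash."""
    key_bits = decode(xor(reading_bits, record["helper"]))
    return commit_hash(key_bits, pin, record["salt"]) == record["digest"]


def flip(bits, positions):
    return [b ^ (i in positions) for i, b in enumerate(bits)]


# Constructed 40-bit "template" (8 key bits), a noisy but acceptable reading,
# and a reading with 3 errors in one group, which the toy code cannot correct.
TEMPLATE = [int(c) for c in "1011001110001101011100101001110110100011"]
NOISY = flip(TEMPLATE, {0, 7, 23, 38})
BAD = flip(TEMPLATE, {10, 11, 12})
PIN = "4271"
RECORD = enroll(TEMPLATE, PIN)
```

Without the PIN the helper data plus digest are useless to whoever copies the device's storage, and a lifted print alone fails without the PIN, which is the "3 factor" point of the post.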
"some people have practically no ridges and it then becomes a signal to noise battle to pick up anything at all."
Which is a very real problem when such biometrics are used for visas.
My wife "suffers" from this problem. It means she frequently gets to stay in airports for anything up to 5 hours past arrival, simply because they can't read her prints.
citation required. Not in any of the US airports I've used in the last several years.
Maybe if you fly inland, but if you're a foreigner they want their scan (or they just had something against me personally, but the whole row of terminals was scanner equipped :) ). They also photograph you while you're giving your prints. Although they tried not to be too obvious about it they simply don't do subtle very well :).
The need would have been less urgent if the whole thing had been properly researched beforehand, instead of being rushed through with marketing people having more say than the engineers.
If the research had been correctly conducted, it would have concluded that using fingerprints was not a 100% secure solution, and the whole thing would never have made it to the market.
Instead, we got teams who had to rush to put the thing on the market because nobody stopped to think if it actually answered the issue properly, so now somebody has to find a way to make a 3-legged horse gallop.
The whole thing is just a waste of time and resources, but hey, terrism.
We can't print perfect replicas of fingerprints, we can only print replicas which are good enough to fool a fingerprint reader.
Creating something which could (for example) leave false fingerprints on a knife would be much more tricky, and it's probably impossible right now.
This article is more about how easy it is to spoof a fingerprint reader on a phone than about how good reproductions have become.
Not really. You do need to go the latex/gummy route, using something impregnated with the right amount of oil. Also, I believe fingerprint scanners actually do a better comparison than most CSI comparisons which look for five points.
Biometrics is stupid for security as you can't change a fingerprint or retina.
It needs to be removed from passports.
Fingerprint readers and retinal scanners etc should be illegal. They serve no purpose other than exposing privacy. Trivial to copy a fingerprint from a door or glass. You can even add a pulse.
The sad fact is there is no secure alternative to old fashioned passwords.
I have a couple of good ones that are learnt. I let a password manager remember all the ones that are non-financial and not local machine access. I have an address book in a safe place (never in laptop bag / with phone) that has email, user, website password.
Different password and often different user and email for every website. None are real words or words with numbers or number substitutes.
Biometrics is a lazy failure of a solution to security.
"The sad fact is there is no secure alternative to old fashioned passwords."
Problem is that passwords are not an option for many people: particularly those with bad memories. So by declaring there's no alternative to something that's not an option, you're basically declaring there's no way possible for them to maintain security.
"I'll print myself a fake fingerprint, and carry it around to unlock my phone. Then anyone who copies and then tries to use my actual fingerprints will be wasting their time! :-)"
Even more cunning; Use your nose instead of a finger.
Easy to pretend to use a finger, then surreptitiously touch against the tip of your nose as you answer a call.
Then there is an EVEN MORE urgent need to comprehend the fact that some people have TERRIBLE memories such that they can't remember a password to save their life ("Was it correcthorsebatterystaple or was it rositachiquitajuanitachihuahua or was it junior?") AND don't routinely carry anything with them that can work as a second factor. How do you solve the security problem for people where the ONLY thing they can authenticate with is something they ARE (they don't know enough to have anything useful to KNOW and lack anything they HAVE)?
Fingerprints have been copied since the 1930s. For an explanation of how a good start is the R Austin Freeman fiction book "The Red Thumbmark". In addition I remember that years ago there were allegations that police were using fingerprint lifts to transfer fingerprints from one surface to another to incriminate individuals. A fingerprint is a stamp impressed by your finger and like any other stamp it can be copied.
Thank you for your courteous comment. I'm sorry I haven't replied sooner. I thought about this for a while as I wanted something that would look natural on a phone.
My suggestions would be either dual biometrics using the ear print (in the natural process of putting the ear to the phone) and the fingerprint together or within a very short time period of each other, or random selection by the phone of one of the eight fingerprints (not the thumbprints). In the first, are mobile phone sensors up to the job? In the second, the phone could display a graphic of the hand with the appropriate finger coloured to show which print to use.
These are only my suggestions but I am sure people with greater knowledge could come up with much better ideas.