Bugtraq mailing list archives
Re: Hacking USB Thumbdrives, Thumprint authentication
From: "Eric 'MightyE' Stevens" <mightye-removethis- () mightye org>
Date: Tue, 10 Feb 2004 08:49:50 -0500
Navaneetharangan wrote:
This is not true, there has been a fair amount of research done on creating false finger print pads from latent fingerprints, which mostly consist of defining the oils left behind with, eg, black printer toner, capturing a high resolution image of the finger print with a digital camera or scanner, touching up the image as necessary in a photo editing suite, printing a negative of the finger print on to transparency, and burning a "circuit" with ultraviolet light (common in the home electronics scene). This makes a reusable mold in to which gelatin can be poured to make a false finger pad which regularly fools fingerprint scanners since it is of similar consistency to human finger print pads. The largest covert advantage of the gelatin approach is that the false pads can be applied almost invisibly over a person's existing finger pads, and in the event of a panic of the operative, destruction of the evidence is easy, simply tear off the false pads with your teeth and consume the gelatin; within seconds there is no more trace as the false pads completely dissolve.2) With the arrival of optic based fingerprint scanners, the probability of getting authenticated on latent fingerprints (or by using a lifted fingerprint) is very minimal.
For more information on this, check out Google: http://www.google.com/search?q=defeat+fingerprint+scanner+gelatin
This is true, and this increases the effort required on the part of the covert operative in order to capture a successful identification, however the underlying problem still exists: once a user's prints are successfully compromised, they have no opportunity to alter their key (finger prints). If my password is guessed, I can change it. If my SSH key is broken, I can change it. If my fingerprints are captured, I have no such opportunity.3) And you can use all the ten fingers of yours for authentication; it need not always be your thumbprint alone.
-Eric "MightyE" Stevens To reply to me, please remove "-removethis-" from my email address. http://lotgd.net -- Slay a dragon... over lunch!
Current thread:
- RE: Hacking USB Thumbdrives, Thumprint authentication markus-1977 (Feb 05)
- RE: Hacking USB Thumbdrives, Thumprint authentication Navaneetharangan (Feb 06)
- Re: Hacking USB Thumbdrives, Thumprint authentication Eric 'MightyE' Stevens (Feb 11)
- Biometric systems security [WAS: Re: Hacking USB Thumbdrives, Thumprint authentication] Gadi Evron (Feb 07)
- Re: Hacking USB Thumbdrives, Thumprint authentication Dave Aronson (Feb 09)
- Re: Hacking USB Thumbdrives, Thumprint authentication Eric Murray (Feb 11)
- <Possible follow-ups>
- RE: Hacking USB Thumbdrives, Thumprint authentication David Brodbeck (Feb 09)
- RE: Hacking USB Thumbdrives, Thumprint authentication Charles Clancy (Feb 11)
- RE: Hacking USB Thumbdrives, Thumprint authentication Lyal Collins (Feb 16)
- RE: Hacking USB Thumbdrives, Thumprint authentication Charles Clancy (Feb 11)
- RE: Hacking USB Thumbdrives, Thumprint authentication David.Cross (Feb 11)
- RE: Hacking USB Thumbdrives, Thumprint authentication Navaneetharangan (Feb 06)