Sunday, 24 July 2011

Biometrics and parts from the dead

Reading through my New Scientist this week I see that there has been concern about dead parts being used to spoof fingerprint scanners. Severed fingers and fingers removed corpses can be used to enter secure facilities, steal cars or log on to computers.


I did mention this in the book Cold Suspenders, and alluded to the first reported case in March 2005, when thieves stole a biometrics-activated Mercedes in Kuala Lumpur, Malaysia. Attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off.  But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they could not bypass the immobiliser, which needed the owner's fingerprint to disarm it. They cut off the end of his index finger with a machete, stripped Mr Kumaran naked and left him by the side of the road.

The New Scientist reports that researchers at Dermalog Identification Systems in Hamburg, Germany, have developed a way for a fingerprint scanner to differentiate between live and dead tissue. It is based on the way living tissue "blanches" - or changes colour - when blood is squeezed out of capillaries, for example as a fingertip is pressed against a reading machine.
Fake fingerprints can be also created by imprinting copies in rubbery gels or silicone plastic. There is a suggestion that a valid user can leave an greasy print on a reader, thereby allowing a subsequent user to gain access by putting his finger near enough to the reader to activate it. That may have been one of the problems at Glenochil Prison.

See: 

Can any system ever be totally secure?
Does more technology actually create more problems?

No comments:

Post a comment