A guide by the “Chaos Computer Club” in Germany (who just published the latest edition of their magazine with plastic versions of German Secretary of the Interior Wolfgang Schäuble’s fingerprint inside) explains how to produce a usable physical copy of anyone’s fingerprint left carelessly on a glass, door handle, or magazine. It looks ridiculously easy. In fact, the use of forged fingerprints to defeat biometric security systems has already been demonstrated.
This makes a fingerprint potentially the easiest form of identification to forge, in turn making fingerprint-based access controls nearly useless. Though some biometrics technology companies claim that forged fingerprints can be “weeded out with use of the PIN”, something as easily forgable as a fingerprint doesn’t seem to add much to the security of a PIN alone. In fact, it seems like it would only serve as a benefit in the case where a non-technical attacker happens to find the PIN written down somewhere or obtains it from the potential victim directly—highlighting the fact that security is just as much a people problem as one solvable by the continual purchase of newer, more “advanced” technologies.
While the infallibility of the use of fingerprints to identify criminals has already been called into question, for most of their past 100+ years in court, fingerprint evidence alone has been enough to sustain a conviction. In addition to the errors noted in the UC Irvine study, I wonder how many convictions might have been based entirely on prints forged outright (I find it hard to believe that the primitive technology needed to forge prints was just discovered in the past few years).
Edit: Here’s another article from The Register with pics.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment