Steve Riley mentions a piece done in the new series of Mythbusters, the Discovery Channel show, on his blog.Â We have all heard of security conscious organisations that decide to use thumb/fingerprint readers to secure their computer rooms, etc.Â We’ve also heard the urban legends"myths" that said systems can be cracked pretty easily.
Well, it appears they can!Â The Mythbusters crew succesfully liftedÂ a fingerprint from the reader and made latex and ballistics gel copies of it.Â Using these (the latex sheet needed to be licked to work) they were able to succesfully fool the reader.Â This was despite the manufacturer claiming that the reader checked pulse, sweat and temperature.Â Worse again, they even beat it with a photocopy of a finger print.
As Steve mentions in his blog, biometrics by themselves are not a secure authentication mechanism.Â Secure authentication requires two factors such as "What you have" (biometric, smart card, etc) and "what you know" (passphrase, PIN, etc).Â Either one by itself can be easilly comprimised but together they are pretty secure.
So, the lesson here is, if your company uses fingerprint readers then you don’t need to worry about your finger being chopped off by attackers … it’s much easier to lift the print at the scene.
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.
No related posts.