Results 1 to 11 of 11

Thread: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

  1. #1
    Roma_Victrix's Avatar Gatorade, is it in you?
    Join Date
    Sep 2010
    Location
    Virginia, USA
    Posts
    12,620

    Default Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Hacker fakes German minister's fingerprints using photos of her hands: Jan Krissler used high resolution photos, including one from a government press office, to successfully recreate the fingerprints of Germany’s defence minister

    Wow. Also, another good takeaway from that article:

    How to go from there to stealing all their passwords?

    One way, demonstrated on stage, is to read what they’re typing by analysing photographs of the reflections in their eyes. Smartphone cameras, even front-facing ones, are now high-resolution enough that such an attack is possible.
    We're doomed.

    Seriously, though, do you guys think this will lead to immediate security breaches? As in the next few years, if not within this fiscal year? Advancements in personal technology may come back to bite us in the rear, it seems. The article suggests using fingerprints as a user name in conjunction with a long hard-to-encrypt password, yet given the quote above, even that can potentially be snatched.

  2. #2

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    In the early days of biometrics, you could use fingerprint impressions from gummyworms.

    Most people don't know this, but graphic design folks have found fingerprints on scanned photos, as far back as Photoshop 3.0(1994) and those could similarly be utilized.

    When you pass around glossy photos versus matte, the oils and fingerprints transfer and show up when zoomed. These pick up dust and are often touched up as they ruin a shot.
    Last edited by RubiconDecision; November 17, 2015 at 10:37 PM.

  3. #3

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    969
    Which leaves us with foot prints.
    Eats, shoots, and leaves.

  4. #4

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Nope retinal or even iris scans.

    Last edited by RubiconDecision; November 21, 2015 at 04:32 PM.

  5. #5

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    I'm sure I've seen at least one movie where someone rips out authorized personnel eyeball and presents it to the scanner.
    Eats, shoots, and leaves.

  6. #6

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Human beings each have a unique cloud of bacteria that are deposited on surfaces as we move around.
    http://www.wired.com/2010/03/keyboard-microbiome/

    The military can deposit smart dust on a suspect and track them.
    http://www.cnn.com/2010/TECH/05/03/smart.dust.sensors/

  7. #7
    Magister Militum Flavius Aetius's Avatar Aetī Avēas!
    Civitate

    Join Date
    Mar 2010
    Location
    Rock Hill, SC
    Posts
    16,263
    Tournaments Joined
    1
    Tournaments Won
    0

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Yep, it doesn't matter anymore. We are all being watched.

    BTW anyone who did the Windows "How old are you?" thing where you uploaded a photo and it tried to guess your age gave microsoft their windows 10 password (since Windows 10 can use facial recognition software to log in with).

  8. #8

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Quote Originally Posted by Magister Militum Flavius Aetius View Post
    Yep, it doesn't matter anymore. We are all being watched.
    Bit of an ominous overstatement. We all have the potential to be watched, and its now easier to watch people, but most are far to unimportant to be watched. We simply gave up our privacy for convenience. It would be easy to go back to 1980's level of privacy, you could do it right now. In fact odds are it would be BETTER because whoever is watching is most likely going to know how to watch with current technology.

    Ditch the cell phone, stay off the internet. Congratulations! You are a modern day ghost.

    BTW anyone who did the Windows "How old are you?" thing where you uploaded a photo and it tried to guess your age gave microsoft their windows 10 password (since Windows 10 can use facial recognition software to log in with).
    Facebook or the like would be a far bigger issue here, being the "how old are you" thing was anonymous except for your IP.
    "When I die, I want to die peacefully in my sleep, like Fidel Castro, not screaming in terror, like his victims."

    My shameful truth.

  9. #9

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Quote Originally Posted by Condottiere 40K View Post
    I'm sure I've seen at least one movie where someone rips out authorized personnel eyeball and presents it to the scanner.
    I seem to remember that biometric scanners are explicitly created with safeguards to identify if objects on scanner are still attached to owner (pulse, muscle movement,...) because the guys designing this have watched the same movies.
    "Sebaceans once had a god called Djancaz-Bru. Six worlds prayed to her. They built her temples, conquered planets. And yet one day she rose up and destroyed all six worlds. And when the last warrior was dying, he said, 'We gave you everything, why did you destroy us?' And she looked down upon him and she whispered, 'Because I can.' "
    Mangalore Design

  10. #10

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Quote Originally Posted by Mangalore View Post
    I seem to remember that biometric scanners are explicitly created with safeguards to identify if objects on scanner are still attached to owner (pulse, muscle movement,...) because the guys designing this have watched the same movies.
    Not all technology is created equally. There is always going to be a company that does not put the time and care into their product. At the same time, this could also be an issue with user calibration. From this article about biometrics, it says that "The most negative factor with this type of technology, as the user ages it will change over time" (here's the link: http://united-locksmith.net/blog/wha...ics-technology). So what seems to happen is the tech is too good. If you are sick or getting old, then it starts to become more of a problem for the actual people that are supposed to have access. I always tell people that if your security is not practical for the people that are supposed to use it, then those people are going to break it.

    It is the same thing with apartment gates. There are always people breaking them, and working around the security because they make the mistake of losing a key. When people need to work around their own security, bad stuff can happen. If you add a company that is losing precious man hours every time a person with a blister can't get in the office, then they are going to recalibrate their devices so fast everyone heads are going to be spinning. Most of the devices have the ability to be sensitive enough to keep out someone with a cold.

    It just seems like biometrics don't work well for offices. Something like the German Minister's Office needs to work quickly and efficiently. Can you imagine if he is having a meeting and could not get into his office because he had a bit of a sore throat or a cut on his finger?

    Just post a guard outside of the door, and have some cameras to watch that guard. Run that office like a night club.

  11. #11

    Default Re: Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

    Quote Originally Posted by JamilW View Post
    Not all technology is created equally. There is always going to be a company that does not put the time and care into their product. At the same time, this could also be an issue with user calibration. From this article about biometrics, it says that "The most negative factor with this type of technology, as the user ages it will change over time" (here's the link: http://united-locksmith.net/blog/wha...ics-technology). So what seems to happen is the tech is too good. If you are sick or getting old, then it starts to become more of a problem for the actual people that are supposed to have access. I always tell people that if your security is not practical for the people that are supposed to use it, then those people are going to break it.

    It is the same thing with apartment gates. There are always people breaking them, and working around the security because they make the mistake of losing a key. When people need to work around their own security, bad stuff can happen. If you add a company that is losing precious man hours every time a person with a blister can't get in the office, then they are going to recalibrate their devices so fast everyone heads are going to be spinning. Most of the devices have the ability to be sensitive enough to keep out someone with a cold.

    It just seems like biometrics don't work well for offices. Something like the German Minister's Office needs to work quickly and efficiently. Can you imagine if he is having a meeting and could not get into his office because he had a bit of a sore throat or a cut on his finger?

    Just post a guard outside of the door, and have some cameras to watch that guard. Run that office like a night club.
    What changes and what does not. Iris and retina are, just like mentioned vein, fingerprint and dna-scans, are essentially static. Retina may change due to disease, but not else.
    So there is little issue with aging.

    Safety is another matter. What is not mentioned often is that with dead eye for example, it can be unnecessary to check movement and so forth. This is because when steady blood circulation to eye ends, tiny capillaries in the eye degrade very quickly to point where accurate scan will no longer accept the outcome.

    Eyes are not affected by flu, and scan can be quick. It is also painless as nothing is extracted.

    Guards add aspect of human error and reliability to the equation. There is little point to having cameras watch guard if nothing can be done before disaster is a reality.


    Everyone is warhero, genius and millionaire in Internet, so don't be surprised that I'm not impressed.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •