Truth is stranger than fiction: hacker can fake fingerprint verifications using photographs of people's hands

[Roma_Victrix]

Hacker fakes German minister's fingerprints using photos of her hands: Jan Krissler used high resolution photos, including one from a government press office, to successfully recreate the fingerprints of Germany’s defence minister

Wow. Also, another good takeaway from that article:

How to go from there to stealing all their passwords?

One way, demonstrated on stage, is to read what they’re typing by analysing photographs of the reflections in their eyes. Smartphone cameras, even front-facing ones, are now high-resolution enough that such an attack is possible.

We're doomed.

Seriously, though, do you guys think this will lead to immediate security breaches? As in the next few years, if not within this fiscal year? Advancements in personal technology may come back to bite us in the rear, it seems. The article suggests using fingerprints as a user name in conjunction with a long hard-to-encrypt password, yet given the quote above, even that can potentially be snatched.

[RubiconDecision]

In the early days of biometrics, you could use fingerprint impressions from gummyworms.

Most people don't know this, but graphic design folks have found fingerprints on scanned photos, as far back as Photoshop 3.0(1994) and those could similarly be utilized.

When you pass around glossy photos versus matte, the oils and fingerprints transfer and show up when zoomed. These pick up dust and are often touched up as they ruin a shot.

[Condottiere 40K]

969
Which leaves us with foot prints.

[RubiconDecision]

Nope retinal or even iris scans.

[Condottiere 40K]

I'm sure I've seen at least one movie where someone rips out authorized personnel eyeball and presents it to the scanner.

[RubiconDecision]

Human beings each have a unique cloud of bacteria that are deposited on surfaces as we move around.
http://www.wired.com/2010/03/keyboard-microbiome/

The military can deposit smart dust on a suspect and track them.
http://www.cnn.com/2010/TECH/05/03/smart.dust.sensors/

[Magister Militum Flavius Aetius]

Yep, it doesn't matter anymore. We are all being watched.

BTW anyone who did the Windows "How old are you?" thing where you uploaded a photo and it tried to guess your age gave microsoft their windows 10 password (since Windows 10 can use facial recognition software to log in with).

[Phier]

Yep, it doesn't matter anymore. We are all being watched.

Bit of an ominous overstatement. We all have the potential to be watched, and its now easier to watch people, but most are far to unimportant to be watched. We simply gave up our privacy for convenience. It would be easy to go back to 1980's level of privacy, you could do it right now. In fact odds are it would be BETTER because whoever is watching is most likely going to know how to watch with current technology.

Ditch the cell phone, stay off the internet. Congratulations! You are a modern day ghost.

BTW anyone who did the Windows "How old are you?" thing where you uploaded a photo and it tried to guess your age gave microsoft their windows 10 password (since Windows 10 can use facial recognition software to log in with).

Facebook or the like would be a far bigger issue here, being the "how old are you" thing was anonymous except for your IP.

[Mangalore]

I'm sure I've seen at least one movie where someone rips out authorized personnel eyeball and presents it to the scanner.

I seem to remember that biometric scanners are explicitly created with safeguards to identify if objects on scanner are still attached to owner (pulse, muscle movement,...) because the guys designing this have watched the same movies.

[JamilW]

I seem to remember that biometric scanners are explicitly created with safeguards to identify if objects on scanner are still attached to owner (pulse, muscle movement,...) because the guys designing this have watched the same movies.

Not all technology is created equally. There is always going to be a company that does not put the time and care into their product. At the same time, this could also be an issue with user calibration. From this article about biometrics, it says that "The most negative factor with this type of technology, as the user ages it will change over time" (here's the link: http://united-locksmith.net/blog/wha...ics-technology). So what seems to happen is the tech is too good. If you are sick or getting old, then it starts to become more of a problem for the actual people that are supposed to have access. I always tell people that if your security is not practical for the people that are supposed to use it, then those people are going to break it.

It is the same thing with apartment gates. There are always people breaking them, and working around the security because they make the mistake of losing a key. When people need to work around their own security, bad stuff can happen. If you add a company that is losing precious man hours every time a person with a blister can't get in the office, then they are going to recalibrate their devices so fast everyone heads are going to be spinning. Most of the devices have the ability to be sensitive enough to keep out someone with a cold.

It just seems like biometrics don't work well for offices. Something like the German Minister's Office needs to work quickly and efficiently. Can you imagine if he is having a meeting and could not get into his office because he had a bit of a sore throat or a cut on his finger?

Just post a guard outside of the door, and have some cameras to watch that guard. Run that office like a night club.

[Tiwaz]

Not all technology is created equally. There is always going to be a company that does not put the time and care into their product. At the same time, this could also be an issue with user calibration. From this article about biometrics, it says that "The most negative factor with this type of technology, as the user ages it will change over time" (here's the link: http://united-locksmith.net/blog/wha...ics-technology). So what seems to happen is the tech is too good. If you are sick or getting old, then it starts to become more of a problem for the actual people that are supposed to have access. I always tell people that if your security is not practical for the people that are supposed to use it, then those people are going to break it.

It is the same thing with apartment gates. There are always people breaking them, and working around the security because they make the mistake of losing a key. When people need to work around their own security, bad stuff can happen. If you add a company that is losing precious man hours every time a person with a blister can't get in the office, then they are going to recalibrate their devices so fast everyone heads are going to be spinning. Most of the devices have the ability to be sensitive enough to keep out someone with a cold.

It just seems like biometrics don't work well for offices. Something like the German Minister's Office needs to work quickly and efficiently. Can you imagine if he is having a meeting and could not get into his office because he had a bit of a sore throat or a cut on his finger?

Just post a guard outside of the door, and have some cameras to watch that guard. Run that office like a night club.

What changes and what does not. Iris and retina are, just like mentioned vein, fingerprint and dna-scans, are essentially static. Retina may change due to disease, but not else.
So there is little issue with aging.

Safety is another matter. What is not mentioned often is that with dead eye for example, it can be unnecessary to check movement and so forth. This is because when steady blood circulation to eye ends, tiny capillaries in the eye degrade very quickly to point where accurate scan will no longer accept the outcome.

Eyes are not affected by flu, and scan can be quick. It is also painless as nothing is extracted.

Guards add aspect of human error and reliability to the equation. There is little point to having cameras watch guard if nothing can be done before disaster is a reality.