Why fingerprints make lousy authentication tokens


An "expert" quoted in the Independent predicts that thieves will amputate their victims' fingertips in order to bypass the biometric locks on the new Iphones. I'm not particularly worried about this vulnerability (if you're willing to cut off someone's fingertip to unlock his phone, you're probably also willing to torture him into giving up his PIN), though I remember reading stories of carjackers who amputated their victims' fingertips in order to make off with their biometrically protected cars.

More interesting is the prediction that phone thieves will lift their victims' fingerprints and use them to bypass the readers. As German Interior Minister Wolfgang Schauble discovered, you leak your fingerprints all the time, and once your fingerprint has been compromised, you can't change it. (Schauble was pushing for biometric identity cards; playful Chaos Computer Club hackers lifted his fingerprints off a water-glass after a debate and published 10,000 copies of them on acetate as a magazine insert).

This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent. Unless you never venture into public without a clean-room bunny-suit, mirrorshades, and sharp gravel in your shoes, you're not going to be able to stop dedicate strangers from capturing these measurements. And as with Schauble's fingerprints, you can't revoke your DNA and replace it with new DNA once a ripoff artist has used it to clean out your bank-account or break into your workplace.

That's why cops use them, after all: it's nearly impossible to keep them to yourself, and once they're in the wild, they can be used against you.

Fraudsters have also succeeded in lifting and duplicating prints with technology that “is only going to improve with time”, he added.

“Thieves in some regions have worked out that you can force a victim to unlock a secured device, and in some extreme cases have also mutilated victims in order to steal their fingerprint.”

The hi-tech scanners are said to work best when combined with a pin code or another security feature.

“Fingerprints can be a useful addition to security but their value depends highly on the type of fingerprint reader and how it is being used - for example, the best use of a fingerprint is to provide a convenient way to unlock something in a medium to low security scenario,” Mr Rogers said.

iPhone 5S: Thieves may mutilate owners in bid to gain access to fingerprint-reading handsets, expert warns [Katie Hodge/The Independent]

(Image: fingerprint closeup, a Creative Commons Attribution (2.0) image from gcfairch's photostream)

Notable Replies

  1. This would be plausible if the iPhone's sensor didn't require capacitance to be present in a pattern that matches the fingerprint – no chopped off digits or high resolution print outs will work. It may be possible to do some Mission:Impossible style overlay that adjusts the capacitance of an existing fingerprint to match a scan of somebody else's, but by that point you've probably got bigger things to worry about than whether the super spy wants to read your phone.

    http://www.macworld.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html

  2. WTF says:

    You have 10 fingers with different finger prints, use more than one (say 4) and change the sequence periodically. Now you have a 4 digit pin........Doh!

  3. maxp says:

    Severed fingers and casts made from fingerprints need not apply:

    [The iPhone 5S fingerprint sensor] can detect the ridge and valley pattern of your fingerprint not from the layer of dead skin on the outside of your finger (which a fake finger can easily replicate), but from the living layer of skin under the surface of your finger, using an RF signal. That only works on a live finger; not one that's been severed from your body.

    http://www.citeworld.com/security/22399/iphone-fingerprint-scanner-better-biometrics

  4. Yeah so... Apple has addressed this; they say this is not an optical scanner, does not rely on the top skin layer but rather conductivity of subdermal layers. In other words, they claim that the known vulnerabilities of past fingerprint systems do not apply.

    Attack Apple's claims, argue that they can't be true, explain how this could be fooled by x or y technique, even just speculate about the as-yet-not-publicly-testable tech that Apple is touting: this could be interesting or useful.

    Spread fearmongery bullshit about irrelevant stuff that Apple has claimed does not apply here: not interesting, and not useful.

    I've seen lots of high-emotion discussion about the TouchID sensor, and almost all of it pretends that Apple hasn't even attempted to address known vulnerabilities of fingerprint scanner technology. That's just silly.

  5. Yes, but this is Cory we're talking about. Any chance to slag Apple, even with poorly-researched and incomplete data, and he's all over it.

Continue the discussion bbs.boingboing.net

70 more replies

Participants