Submit a link Features Reviews Podcasts Video Forums More ▾

UK kids have the right to opt out of school fingerprinting (even if their parents are OK with it)


New provisions of the UK Protection of Freedom Act 2012 went into effect this September, which strictly limits the gathering of biometric information from children. Under the law, kids have the right to opt out of biometric collection (including fingerprinting, which is in widespread use in UK schools). Kids have this right even if their parents or school insist upon their submission to biometric collection. Needless to say, schools have done pretty much nothing to accommodate this legal right, and as Jon Baines points out, this is a great teachable moment for privacy conscious kids (in that they could teach their educators that privacy is worth something, even if you're just a kid).

Read the rest

Iphone fingerprint hacker on the limits of biometrics for security

Jan "Starbug" Krissler, the Chaos Computer Club researcher who broke the fingerprint reader security on the new Iphone, had given a long interview to Zeit Online explaining his process and his thoughts on biometrics in general. The CCC's Alex Antener was good enough to translate the interview for us; I've included some of the most interesting bits after the jump.

Read the rest

More details, new video showing Iphone fingerprint reader pwned by Chaos Computer Club


Starbug, the Chaos Computer Club hacker who broke the fingerprint biometric security on the Iphone, has given an interview [German] to CT Magazine detailing the hack, and released a new video showing how he did it.

Read the rest

Chaos Computer Club claims it can unlock Iphones with fake fingers/cloned fingerprints

The Chaos Computer Club's biometric hacking team has announced a successful attack on Apple's Iphone biometric fingerprint lock, using a variation on the traditional fingerprint-cloning technique. CCC's Starbug summarizes: "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

Read the rest

Why fingerprints make lousy authentication tokens


An "expert" quoted in the Independent predicts that thieves will amputate their victims' fingertips in order to bypass the biometric locks on the new Iphones. I'm not particularly worried about this vulnerability (if you're willing to cut off someone's fingertip to unlock his phone, you're probably also willing to torture him into giving up his PIN), though I remember reading stories of carjackers who amputated their victims' fingertips in order to make off with their biometrically protected cars.

More interesting is the prediction that phone thieves will lift their victims' fingerprints and use them to bypass the readers. As German Interior Minister Wolfgang Schauble discovered, you leak your fingerprints all the time, and once your fingerprint has been compromised, you can't change it. (Schauble was pushing for biometric identity cards; playful Chaos Computer Club hackers lifted his fingerprints off a water-glass after a debate and published 10,000 copies of them on acetate as a magazine insert).

This is the paradox of biometric authentication. The biometric characteristics of your retinas, fingerprints, hand geometry, gait, and DNA are actually pretty easy to come by without your knowledge or consent. Unless you never venture into public without a clean-room bunny-suit, mirrorshades, and sharp gravel in your shoes, you're not going to be able to stop dedicate strangers from capturing these measurements. And as with Schauble's fingerprints, you can't revoke your DNA and replace it with new DNA once a ripoff artist has used it to clean out your bank-account or break into your workplace.

That's why cops use them, after all: it's nearly impossible to keep them to yourself, and once they're in the wild, they can be used against you.

Read the rest

MD used "silicone fingers" to trick biometric time clock on colleagues' behalf

NewImageBrazilian doctor Thaune Nunes Ferreira, 29, was arrested for fraud for allegedly covering up her colleagues' absence from work by using prosthetic fingers to sign them in on a biometric time clock at the hospital near Sao Paulo. According to the BBC, "police said she had six silicone fingers with her at the time of her arrest, three of which have already been identified as bearing the fingerprints of co-workers." Ferreira's attorney claims "she was forced into the fraud as she faced losing her job." (BBC News)