Category: 
Back in nineties I was working with TeKey Research group, supplying them raw materials for their tests. The task was to study if fingerprint sensors accept dead fingers. Yes, I was pathologist these years and got plenty of themJ. After few experiments we realized that optical sensors cannot distinguish dead fingers from alive. Even worse, they accepted fingerprint images.
See how we did it. You will like the idea and simplicity.
First you will need some equipment. We used something always available in every office or home.
-
PPC transparence film
-
Stamp-pad
-
Scissors
Touch a stamp-pad to blot the finger tip with ink. You can use any other method, like ink marker, water or oil color, carbon paper etc.
Seal the transparence film with your finger. You can experiment with various types of films. It could be any transparence plastic flexible material.
Make sure that you’ve got a clear fingerprint. If not, repeat previous steps.
Cut the fingerprint out close to the outline. For the sensor that was used in our study it was important to fit the film to the window of the device. If you have to sweep the image along the sensor cut the ribbon corresponding to the direction of sweeping.
Place the film on the sensitive part of the device. Now the devise is ready for an “optical illusion”
In order to reduce the risk to expose your own fingerprint, cover your falsification with soft material, hold it tight and wait for the result.
When presented to an optical sensor the fingerprint image is accepted and identified like the original finger.
What is the bottom line?
- Optical fingerprint sensors accept fake fingerprints, fingerprint images and scans
- If you use one for protection of your computer you are always at risk
- Biometrics offers a false sence of security and protection, especially when using optical sensors.
But this is far not all. In my next post I will show you the second part of this experiment, which is even more impressive. Keep reading
alright you debunked finger scanning, but whats the real deal with optical scans?
Ed,
Optical fingerprint scanners are not reliable. Optical sensor cannot distinguish fake from real. Even those that cost more than $700, like Crossmatch and are used in visa program by UK and USA government.
Matrix capacitive scanners are also not reliable. Swipe-type sensors, like Upek, LTT, Authentec, Atmel are a bit more reliable, because they need some proficiency to fake a finger they will accept.
What I am trying to say is that Biometrics has nothing to do with Security, at least in the way it is currently used.
Biometrics can offer user convenience and ease of operation, and enhance security indirectly. For example, if you must not remember your password, and if it is filled automatically after your finger recognized – you may use long and strong ones. Another example - your digital signature is released after you are recognized.
Anyway, these applications must be used with personal devices and in no way with publically available biometric terminals.
So, how would you copy the guy’s fingerprint? Let’s say he’s a stranger…
It is much easier than you can imagine. Just see the second part of tutorial