Beat-Fingerprint-Security-By-Cutting-Off-Finger Trick No Longer Viable, Thanks To Sony
from the important-research dept
It's becoming less unusual for devices like laptops, and even mobile phones, to feature fingerprint scanners for secure access. The idea is that only the owner's fingerprint can unlock the device, so if it's stolen, it will be useless to a thief. This tends to help with most of your garden-variety theft, but as anybody who's watched a few action movies knows, fingerprint-based systems don't pose a problem for the really motivated thief, who can simply cut off their victim's finger and use it to access the device or secret lair or whatever. Cue some researchers from Sony, who will have screenwriters scrambling for a rewrite: they've come up with a system doesn't use fingerprints, but rather an image of the capillaries (via Network Computing) beneath the skin of a person's finger. The pattern in the image can only be captured when blood is pumping through the finger in question, so severing it from the rest of the victim would render it useless. Of course, this does little to stop thieves from beating their victims senseless, or otherwise "motivating" them to unlock the system with their finger, but hey, at least they get to keep their digits.
Reader Comments (rss)
(Flattened / Threaded)
how did they test it
who was the lucky winner to test to make sure a cut off finger really didnt work?
(reply to this comment) (link to this comment)
Flaws
I can see a few flaws with this idea:
First, according to the patent, Sony assumes that the finger capillaries would loose their blood and deflate if the finger were severed. It would seem that all the finger thief would have to do would be to simply first apply a tourniquet to the finger before severing it to prevent this.
Second, capillaries are easily damaged. Any kind of bruising or clotting, even on a microscopic level, would seem likely to cause authentication failure.
(reply to this comment) (link to this comment)
I wasn't aware
that there was a rash of people stealing laptops and then cutting of people's fingers to get access to them. Good to see that people are up on these major security problems.
(reply to this comment) (link to this comment)
Re: Flaws
As a self proclaimed clutz a simple mistake of slamming a finger in a door would keep me from unlocking said door or laptop with sort of security measure.
(reply to this comment) (link to this comment)
Ur Grammer
Here's a visit from the grammar police.
Less unusual? How about more common?
(reply to this comment) (link to this comment)
Bypass System
I always thought the security hole in these devices were complete workarounds, isolating and removing the device from the security system, or possibly even duplicating fingerprints (easy enough)... not actually severing the finger James Bond style...
(reply to this comment) (link to this comment)
Re: I wasn't aware
(reply to this comment) (link to this comment)
Wouldn't a change in blood pressure cause a false negative?
(reply to this comment) (link to this comment)
Yes, I'm sure all the folks who have suffered from SDS (severed digit syndrome) so that someone can get a peek at the goodies on their laptop are friends of (or a cousin of a friend) who woke up in a bathtub of ice with a missing kidney.
There's nothing like creating a problem where none exists.
(reply to this comment) (link to this comment)
According to mythbusters :) a simple photocopy fooled the current most "advanced" system. Sony's claims are one thing - I'd like to see proof it can't be foold
(reply to this comment) (link to this comment)
fail
I'm on Viagra so my capillaries are running like a flooded river
(reply to this comment) (link to this comment)
Toes
I use my toe. When thieves steal my laptop, I give them the finger!
(reply to this comment) (link to this comment)
This is a old idea I believe.
(reply to this comment) (link to this comment)
Authentec, a major chip maker in this space, has had similar technology for years. This is not news. Their chips read below skin level and sense the difference between a live finger and one the does not have warm blood surging though it.
If a thief is that desperate i am sure they will do what they currently do at ATM's and just hold a gun to your head and make you access the device for them.
(reply to this comment) (link to this comment)
Umm don't be too impressed just yet.
Mythbusters successfully bypassed just about every current fingerprint technology less than a year ago.
Even to the point that making a photo copy of a finger print and holding it to the scanner worked.
Read more here:
http://www.no2id.net/news/newsblog/?p=457
And watch the clip here:
http://www.youtube.com/results?search_query=myth+busters+fingerprint&search=
Dont' believe everything a marketing company tells you, especially if it's coming out of Sony's arsehole.
(reply to this comment) (link to this comment)
I guess it's still nothing a gun to the head won't remedy, huh?
Or just take out the Hard Disk and put it in another system, lol
(reply to this comment) (link to this comment)
There's an easier way...
...there's a slight pulse in your fingertips, it seems that a reader that also measured IF there is a pulse would be an simpler solution.
(reply to this comment) (link to this comment)
Re:
That's exactly what I was thinking. :-P
(reply to this comment) (link to this comment)
Re: Ur Grammer
'Less unusual' would be perfectly acceptable here, especially considering that the emphasis was meant to be placed on the unusualness of the device. Such emphasis would have been lost had the writer used the tired old cliché you suggested.
(reply to this comment) (link to this comment)
Hack & counterhack
When bank vaults came into vogue, the crims started kidnapping bank managers, forcing them to open the vaults at gunpoint. This led to the invention of the time lock. Same plot, different setting. The pattern will continue to repeat.
(reply to this comment) (link to this comment)
Re:
(reply to this comment) (link to this comment)
Re: There's an easier way...
(reply to this comment) (link to this comment)
Old News
Seems to me I read an article five or six years ago in Network Computing where they tested 6 fingerprint scanners and wanted to see how secure they were. I think they beat 4 of the 6 by using printer toner and tape to lift a fingerprint off of a table and used that on the fingerprint scanner. No severing of fingers required. The 2 which were not defeated had a pulse detector.
(reply to this comment) (link to this comment)
Cheap vs High Quality
The just-cut-the-finger-off in movies, and the photocopies would only work for the cheap systems that only scan the fingerprint. They've had systems for years that measure galvanic activity to ensure that the fingerprint is coming from a live finger. So your laptop might have the cheap reader, but it won't work at high-security facilities.
(reply to this comment) (link to this comment)
Yeah, Gun to the head, works every time.
(reply to this comment) (link to this comment)
Mythbusters...
Mythbusters showed a photocopy, let alone a balistic gel copy, of a finger print fools most systems. And those that sense for heat and moisture to see if its a real living digit were fooled by licking the photocopy/copy in question.
(reply to this comment) (link to this comment)
Re: Ur Grammer
How about spelling grammar correct? Hmm?
(reply to this comment) (link to this comment)
1 Laptop with fingerprint reader.. $2500
1 Knife.. $5
1 Unsuspecting pedestrian with said laptop.. $-2500
1 Severed finger to unlock the laptop.. $messy
Not knowing how to reformat a computer and using a severed finger to unlock a stolen laptop..... Priceless
There are some thieves that use severed fingers to unlock laptops..... For everyone else, there's General Computing Knowledge
(General Computing Knowledge would like to remind you that there are not actually any thieves who use stolen fingers to unlock laptops .. GCK .. Don't be a noob)
(reply to this comment) (link to this comment)
Re:
Depends on what the thief is after: data, or hardware. THe brute force types are likley to be after the hardware for resale, don't really care if it doesn't work.
The data theives will just trick the victim into telling all, either a Trojan or simple social engineering.
Besides, I wouldn't buy anything from Sony. Ever.
(reply to this comment) (link to this comment)
From Sony...
if its a laptop from Sony then it probably has a rootkit installed that would allow for data theives to get to you data through other means. And like Nasty Old Geezer said the ones that are looking to resale the hardware don't care it the hard disk is encrypted.
(reply to this comment) (link to this comment)
So, what happens if you accidently one day hit your finger against a hard surface, get it caught in a drawer as you was closing it, or get a paper cut?
Im sure everyone here has suffered stuff like this to their index fingers a few times by now in their lives, wouldent this burst some capillaries?
(reply to this comment) (link to this comment)
Add Your Comment