/* ---- Google Analytics Code Below */

Wednesday, April 08, 2020

Fingerprint Cloning?

I recall  this came up when we set up our innovation labs.    Retails suggested it was much discussed at the time.  It was ultimately discounted because it was too hard to do.   Seems things have changed.  Via the Cisco blog 

Fingerprint cloning: Myth or reality?
Phone, computer fingerprint scanners can be defeated with 3-D printing
By Paul Rascagneres and Vitor Ventura.

EXECUTIVE SUMMARY

Passwords are the traditional authentication methods for computers and networks. But passwords can be stolen. Biometric authentication seems the perfect solution for that problem. There are several kinds of biometric authentication, including retina scanning, facial recognition and fingerprint authentication, the most common one. Everyone's fingerprints are unique, and it is commonly accepted that they can identify a person without being reproduced.

Technological evolution expanded fingerprint authentication to all kinds of devices, from laptops to mobile phones, to padlocks and encrypted USB drives. Fingerprint authentication became commonly available on phones with the launch of Apple TouchID in the iPhone 5 in 2013. That technology was bypassed shortly after being released. Since then, the technology evolved into three main kinds of sensors: optic, capacitance and ultrasonic.

Our tests showed that — on average — we achieved an ~80 percent success rate while using the fake fingerprints, where the sensors were bypassed at least once. Reaching this success rate was difficult and tedious work. We found several obstacles and limitations related to scaling and material physical properties. Even so, this level of success rate means that we have a very high probability of unlocking any of the tested devices before it falls back into the pin unlocking. The results show fingerprints are good enough to protect the average person's privacy if they lose their phone. However, a person that is likely to be targeted by a well-funded and motivated actor should not use fingerprint authentication.  ... " 

No comments: