Biometric security has been around for a while, but just recently has the technology become popular in the world of securing many kinds of systems. Essentially, biometric security technology collects information concerning a part of your body- most commonly fingerprints, but also retinal scans, voice recognition and measurements of the face between certain parts. You have all seen the super spies easily dupe these such systems in movies. This fiction has recently turned into reality by a Japanese cryptographer named Matsumoto.
This story is pretty old (2002), but a buddy referred it to me when he was doing a research paper on Biometrics and Bioinformatics. Matsumoto first managed to fool fingerprint detectors four out of five times with a gummy bear (yes, the candy), everyday kitchen supplies and a camera. He was able to transfer the fingerprint found on a surface to the gummy bear (or a mold similar in chemical make-up) to apply to the scanner.
In a more scientific and more successful operation, he lifted a fingerprint from a piece of glass then applied super-glue fumes to it to bring greater detail to the contours of the fingerprint. Next, he digitally enhanced a picture he took of the fingerprint with Photoshop and printed the result onto a piece of paper. Then, he would trace the image onto a piece of printed circuit board with copper with the printed transparency. Then, he would apply the raised, traced circuit board to the same gummy bear type material from the previous method. He managed again to fool the scanners four out of five times. He was able to best eleven different scanners through the same means.
It isn’t like Matsumoto paid a fortune for the supplies he needed to fool supposedly high security devices. And, it doesn’t take a genius to execute this operation either. It is highly surprising that this supposed highly secure security system is so vulnerable to exploitation. The Biometric Security and Bioinformatics industry is a booming industry, and an exploit like this successfully undermines an entire section of their product niche. Matsumoto has single-handedly rendered this technology a great deal less useful. Even with this fact, it seems in the past six years since this story broke, the industry is still doing fine and the general population of consumers still believes this technology to be infalliable. Fingerprint scanners are being found in more and more products including cars, laptops, buildings and in institutions like banks for identity assurance. It is scary to see such low tech approaches effectively rendering high tech systems useless. In the future, I hope to post on other physical vulnerabilities that high tech is susceptible to.
Over and out.