Chaos Computer Club Claims It Can Reproduce Fingerprints From People's Photos 80
An anonymous reader writes Chaos Computer Club, Europe's largest association of hackers, claims it can reproduce your fingerprints from a couple of photos that show your fingers. At the 31st annual Chaos Computer Club convention in Hamburg, Germany, Jan Krissler, also known by his alias "Starbug," explained how he copied the thumbprint of German Defense Minister Ursula von der Leyen. Because these fingerprints can be used for biometric authentication, Starbug believes that after his talk, "politicians will presumably wear gloves when talking in public."
Even better than gummi bears.
Fingerprints are everywhere. (Score:3, Insightful)
Re: (Score:2)
canada? i knew those bastards were after our women!!
"American Woman! Stay away from meeeee!
American Woman! Momma let me beeee!"
Re: (Score:3, Funny)
This really is nothing special.
Depends on what the shoe is made of...
Re: (Score:2)
Copying fingerprints of VIPs from glasses is only within reach of state or corporate sponsored criminals. The CCC's technique could allow your everyday criminal access to the fingerprints as well.
or anyone that can qualify as a cleaner, waiter, kitchen staff etc.
Re: (Score:3)
If you are not China, and do not control the glass? Is it special then? If you are not even suspected of controlling the glass?
This is why "biometric" authentication is useless (Score:4, Insightful)
Despite some of the biggest names in security lauding the advantages of biometric authentication, it's pretty flawed by design. If your fingerprints, facial structure, etc. are ever compromised, they become useless. Unlike a password or a cert, you cannot simply revoke who you are. So once the cat is out of the bag, you simply cannot use it again. Not to mention the fact that it could be fairly trivial to obtain fingerprints or other biometric data of a target.
Re: (Score:2)
Well, actually they can change.... I'm pretty sure my right retina is considerably different today than it was before 2010, when I had radiation and laser treatment for a tumor. Likewise, people can burn their fingers, altering the fingerprints with scar tissue.
Certs are certainly the way to go. What is needed is a way to be able to carry them on you at all times (implant perhaps?), while being able to update it and offer up public information on demand. The downside of this is a loss of anonymity. We alrea
Re: (Score:2, Insightful)
The problem isn't how to identify people. The problem is that we think that we need to identify people all the time. Tracking and identification is an obsession that's obviously rooted in paranoia. When was the last time you actually needed to prove to a stranger who you are and it wasn't just to satisfy an arbitrary requirement? When did you last perform full identification when a proof of ownership or proof of age had sufficed? Posting as AC because that's what I do, but also to make a point.
Re: (Score:2)
Shame I'm out of mod points.
Fact is, even the government hasn't got a clue who you are, other than the fact that you've got a card from them with a photo and a name printed on it. You probably got that card by showing them some other card with a photo and a name printed on it. That card, you probably got because you convinced your electric company and the library that your name really WAS Bobba Fett. They probably didn't care too much as long as they got paid and the books came back.
Re:This is why "biometric" authentication is usele (Score:5, Interesting)
Not useless, just not sufficient.
Your house key will work in hundreds of locks, but it's easier to pick the lock than track down exactly which house key might work on the house you want to break into. The reason that biometrics are useful is that they provide a second condition that has to be met for authentication, not because they provide the only one. If you give employees RFID cards and pair it with iris scanning, you're going to have moderately secure door security. It can get a lot better by adding other controls, for example introducing human checks into the system or an employee PIN.
Most businesses don't even have a second check for door security. I wish people would quit confusing a method of authentication with the idea that any single method is sufficient.
Re:This is why "biometric" authentication is usele (Score:5, Insightful)
It all boils down to the triad of security: Something you know, something you have, something you are. It's GOOD practice to pick one from each group in your authentication process (or at least, as it's common, one of two groups, usually a token and a PIN). It's useless to pick more than one from each group.
All three would e.g. mean that you have a guard sitting there who compares your face to a book of "accepted" faces (something you are) while you hold your RFID card (something you have) against a scanner after punching in your PIN (something you know). That's about as good as it gets. Nothing you could do that ADDS to this could improve this part of your security. Using two of one group is useless. It's useless to require two different PINs. For the obvious reason, someone who can force you to hand over your first pin will also force the second one out of you. Equally it's useless to require two tokens. Where you can steal one, you can steal two.
You can of course improve by using better means to do either of the three groups. You could give the guard additional tools, use better encoding for the cards, use longer PINs. But you cannot improve by using two features from the same group.
Re:This is why "biometric" authentication is usele (Score:5, Interesting)
It should actually be a quartet of security: something you know, something you have, who you are & where you are.
Where you are is interesting for banks for example, they know that it is not possible to have two ATM transactions in the same hour on the other side of the world.
"Something you are" is not easy to establish by machines.
Any biometric system needs a guard to check if you are not trying to fake it. For example with a finger print scanner's guard should:
- Clean the scanner. In case the latent finger print left on the device won't confuse it.
- Check the person fingers for fake prints, and medical scars.
- Physically take the person's finger and put it on the scanner (to make sure the person has no possibility to add the fake print to the finger between the check and the scan)
- Clean the scanner. To make sure the latent finger print will not be lifted from the scanner's smooth surface, when the guard is looking away.
The person with the finger, should wear gloves everywhere, except when using the scanner.
Soon we will be wearing, burkas, sun glasses and gloves to make sure our identities will not be lifted.
Re: (Score:2)
The where clause in your example does not work out as a valid authentication feature. It can be used as a flag to show that "there's something not right here", but it cannot answer one important question: Which transaction was genuine, the one in Paris or the one in Melbourne?
You can use various plausibility checks on top of it, depending on the actual application (e.g. in banking you can draw from the transaction patterns so far and flag suspicious transactions that differ greatly in target or amount) and
Re: (Score:2)
No. Biometric authentication won't replace all other methods of security anytime in the foreseeable future, nothing that requires serious security will rely on them alone. I have a hard time believing they ever could. If any serious company tries anytime in the next twenty years, you have my advice to place bets that it will be compromised in short order.
I keep seeing this idea that biometrics are flawed b
Re: (Score:2)
Interesting comment, can you point to any articles on the topic?
Re:This is why (Score:1)
Where you are is interesting for banks for example, they know that it is not possible to have two ATM transactions in the same hour on the other side of the world.
So AMEX blocked my card because they found it suspicious that I tried to buy a train ticket at Tokyo Narita Airport, 13 hours after having bought something at London Heathrow Airport...
almost. 6 digit PIN better than 3 digit. (Score:3)
It is of course best to use factors from different groups. Your theory takes a much stronger stance than that. I'm not sure your theory is correct.
I would say that a six-digit PIN is slightly more secure than a three-digit pin. Not twice as secure, but somewhat better. Agreed?
Two pins of three digits each is the same as a six-digit pin. Agreed?
Therefore, two three-digit pins is somewhat better than one three-digit pin.
Two from the same group are therefore somewhat better than just one, but not as good a
Re: (Score:2)
Two three-digit pins are not more secure than one six digit pin. Essentially, they ARE one six digit pin. If I can force you to hand over one pin, I can force you to hand over two, three or any number that you might have. If you write down one pin, you'll just as well write down two. Anything that compromises the first pin will nearly certainly compromise the other one.
And 6-digit is better than 3-digit (Score:2)
> Two three-digit pins are not more secure than one six digit pin.
> Essentially, they ARE one six digit pin.
That was #2 of my three statements. You seem to have missed the other two.
a) Two three-digit PINS are the same as one six digit PIN.
b) One six-digit PIN is better than one 3-digit PIN.
c) Therefore, two 3-digit PINs is better than one 3-digit PIN.
If you have any confusion or disagreement let me know whether it's with a, b, or c.
Your constraint that security breeches can occur only by the princip
Re:This is why "biometric" authentication is usele (Score:4, Insightful)
Minor quibble: using two of one group is not useless either, it is only less useful.
Re: (Score:2)
What place doesn't allow such an answer and why is their CISO still in one piece?
Re: (Score:2)
Of course someone could say their mother's maiden name was "zx81 Tamoxifen lion soap" but how many would give answers that aren't actually their mother's maiden name? And some places/services don't even allow such answers.
Of course, giving obscure answers can be problematic as well. Do you need to change security settings? Forgot your obscure answer? Didn't store it as securely as the password cause you didn't think you'd need it? Congratulations, you're locked out of changing your settings.
For a real world example, adding 2-way authentication to EA's Origin accounts requires answering the security question. Can't remember it? You can't add additional security to your account. There's complaints on their forums about this. O
Re: (Score:2)
No, sorry. Usernames are not one of the authentication factors. They play a key role in authorization, and it's very common to get the whole spiel conflated, but there is a very important distinction: Usernames are probably something you know, but also something everyone else can know. They are not a secret. Authentication factors are distinguished by the fact that only the "right" person has them. Something you know is something YOU know (and nobody else). Something you have is something YOU have (and nobo
Re: (Score:2)
If we're talking about protecting against unauthorized access in the real world, we do want a username and password combination because that's harder to guess than just a password. If I am running a website where I'm using a cookie as part of the authentication process, then yes, it is best to keep a database where I tie the cookie to an IP address because that makes it harder to hijack a session.
Re: (Score:2)
It's the same deal with a nonphysical attack. How is 8 letters username + 8 letters password harder or easier to crack than a 16 letters password? Even provided that both username and password WERE secret, which they usually are not, you don't gain security by splitting up a X-bit key into two keys Y and Z that have together a length of len(X). It is the same attack complexity. How are the two tokens "username" and "password" harder or easier to brute force than the one token "usernamepassword"?
The point is
Re: (Score:2)
It isn't easier to crack, but people remember usernames easier, so you get people who will enter 16 characters instead of eight. The validating server can treat them as separate lookups or not without impacting the efficiency of brute force attacks. The advantage of using multiple entries is that you end up getting more characters that have to be guessed correctly, which is a compound effect, so adding a PIN
Re: (Score:2)
Still, for an attacker adding a second "what you know" part doesn't change the game. Look at it from an attacker's point of view. When he can browbeat you into handing over your credentials, it matters not whether he has to listen to one word or two. When he can trick you into handing them over (e.g. via keylogger), it matters not whether it's one word or two.
And even if he has to employ brute force it matters little, for however complicated it may be to brute force two words m and n letters long, it is jus
Re: (Score:2)
Logically? No. But in practice, I support both approaches and yes, for no obvious logical reason, it makes a huge difference.
Re: (Score:2)
. That's about as good as it gets. Nothing you could do that ADDS to this could improve this part of your security. Using two of one group is useless. It's useless to require two different PINs. For the obvious reason, someone who can force you to hand over your first pin will also force the second one out of you.
This seems strange to me. Why is the use of 2 categories an improvement, but 2 from one category is not? It seems to me that the attacker who would coerce you to give up 2 "somethings you know" would just as easily force you to give up a "something you know" and a "something you have". But you're differentiating as if a mugger could only demand one type of thing.
Security is layered. Having multiple forms of "something you know" could be useful, just as having multiple "something you haves" could-- and i
Re: (Score:2)
Of course, as soon as you add brutal force to the attack spectrum, things get a bit harder to defend against. But still two of different categories will provide better (I don't say perfect, just better) protection against attacks in general. There are of course certain attacks you will not defend against.
Most of all, using two distinct authentication factors (of different groups) make it much harder to swipe them unnoticed, or at least not noticed until too late. If I can slip a trojan into your computer, a
Re:This is why "biometric" authentication is usele (Score:4, Insightful)
I always think of security like the Miller-Rabin test for primality [wikipedia.org] (which is really a test for a number being composite): it does not give an absolute assurance, but each time you test a given candidate again with a new challenge, you reduce the probability that the candidate is composite, and each test is orthogonal to the previous ones. You, the designer of the system requiring confidence that a big number is prime, get to select your confidence level by adjusting the number of tests applied.
So too, then, you, the designer of a security system requiring confidence that a given person is who they claim to be, get to select your confidence level by adjusting the number of factors required. A brass key gives a certain level of confidence. An iris/thumbprint/palmprint/voiceprint scan another. An RFID card another. A PIN/password another. Being recognized by a guard another. Each is orthogonal to the rest.
Re: (Score:2)
It doesn't matter if it's possible to make a targeted attack against an individual, you could do that with a key too
If the shape of every key you had was publicly visible every time you went outside and in every photo you were in, they would probably be a lot less useful as well.
It's not "even better than gummi bears" (Score:1)
Gummi bears are a medium to reproduce fingerprints (and a delicious snack). This is a method to capture fingerprint images. Two completely different things.
No details (Score:4, Insightful)
TFA has no details, so there is no way to evaluate the credibility of the claim.
Re: (Score:3)
Any photograph with sufficient resolution and contrast
Re: (Score:3)
Deckard: Enhance 224 to 176.
[a man's arm becomes visible]
Deckard: Enhance. Stop.
[the man's shoulder and wrist are visible]
Deckard: Move in. Stop.
[close-up of man's wrist]
Deckard: Pull out, track right. Stop.
[writing is visible]
Deckard: Center and pull back. Stop.
[arm and door are visible]
Deckard: Track 45 right. Stop. Center and stop.
[doorway and mirror are visible]
Deckard: Enhance 34 to 36.
[dresser top is visible]
Deckard: Pan right or-and pull back. Stop.
[mirror is visible]
Deckard: Enhance 34 to 46.
[blurre
Re: (Score:2)
The point being that although the prints may not show up to the eye in the photo, processing it to enhance the size and contrast may make the prints stand out.
Exactly - the investigators on the CSI tv series have been able to do this for years so I don't know why this is news.. All they have to do to read a person's drivers license from a 640x480 security camera image taken from 200 meters away in poor light is to ask the image processing dude to "enhance image".
Biometrics (Score:2, Informative)
If you running a security system that only uses fingerprints you are a fool.
In a security area it should also at least be protected by a code/pattern + prints + tag/card/key, when each piece is scanned/entered and image/photo of the person wanting access is displayed to your security personnel who can then either approve/deny access.
Biometics alone is insufficient as is very easy to pick up prints, even retinal scanners can be fooled with enough tech, A 4 way security system is better but not foolproof, the
Re: (Score:3)
100% security is actually possible. It is just very, very expensive. And as soon as the security expense outmatches what you try to secure with it, it stops fulfilling its purpose because it becomes actually cheaper to have your security broken.
I remember back when I was still programming peopel used to say "90% of the work take 10% of the expenses, it's the other 10% that cost 90% of time and money". In security the rate is close to 98:2. You can get your system very secure at very little expense. Getting
Re: (Score:2)
Good enough. Is the key.
If you go too crazy with security. People will find shortcuts around the team in charge of security.
Too lax you are open to problems. Biometric in generally is the sweet spot.
Good enough to to keep people secure without becoming overly burdensome.
For your phone or your pc, being that you are not a direct target to get your account. You prevent people from getting into your system. If you are some person who has access to hard to get to data. Then yes you may need to go more secure.
Re: (Score:2)
Great job. Now go convince 7 billion people of that. Meanwhile, people are buying bio-only devices.
If you came here to proselytize, you have the wrong audience. Isn't this demonstration far more effective than your post was?
IMO, The biggest problem with fingerprint.... (Score:3)
Re: (Score:2)
Re:IMO, The biggest problem with fingerprint.... (Score:5, Insightful)
Fingerprints aren't even good for ID. They shouldn't be used at all.
Biometrics should be limited to deep vein scans which are fast, accurate, very hard to "steal", very difficult to obtain without the user's consent, and aren't being left all over the place all the time.
Re: (Score:2)
>"Deep vein scans? What practical use are those if it takes so much effort to confirm the identity anyway?"
Have you used them? I have. A deep vein palm scan is easy, and takes only a few seconds. In addition it is pretty cheap and simple too.
Re: (Score:2)
... authentication is that even if all of the security measures associated with storing and authenticating your fingerprint were utterly unbreachable, your fingerprints can still be taken without your consent, while if you do not want someone accessing data that is guarded by a a secure password, however, then barring vulnerabilities in the security facilities associated with it (which would apply equally to fingerprint security as well anyways), then that information can only be obtained by you voluntarily surrendering it.
http://xkcd.com/538/ [xkcd.com]
Re:IMO, The biggest problem with fingerprint.... (Score:4, Insightful)
The biggest problem with fingerprints is very simply that, if compromised, it's damn hard to change them, unlike passwords.
Second problem, unlike your password, you can't really help but compromise them. You leave them littered about everywhere. Every waiter can have your prints if he so chooses.
Plus you have trivial bypasses anyway (Score:1)
Re: (Score:2)
Whom do you mean by "NOT ONE OF US"? And when you say " IT LIVING ON SITE (think Monastery)" do you mean that no one is safe? If so, then what do you mean by "NOT ONE OF US"?
Everyone is subject to any attack any moment of the day, by someone who knows the vulnerabilities. Anyone with sufficient power who does not already know this is an idiot, and likely not reading this website.
Restate your point, if indeed you have one?
Re: (Score:2)
CSI is about the worst that could have happened to real life forensics. It's done more damage than any TV show in history.
Biometric authentication is flawed (Score:2)
Re: (Score:2)
You are repeating something that has been said elsewhere, and I suggest you cite sources when you plagiarize ideas that can be quickly checked. And, TFA does not say what you think it says - the quote is above for anyone to judge for themselves.
Re: (Score:2)
And you have at most 10.
Now think of one sensor type. You need access to 12 things. 12 Things save the data of your fingerprint (fuzzy). Enough data to identify a fuzzy fingerprint from you. Now lets start calculating something similiar to a fingerprint, which matches the fuzzy data. Now print it in 3D and authenticate at one of the other things with it. So suddenly the thief of your mobile phone can be you at the ATM.
Flawless :P (Score:1)
http://popularbloggingtopics.c... [popularblo...topics.com]