ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Jelly babies dupe fingerprint security

Rupert Goodwins GameSpot Europe

Published: 16 May 2002 16:03 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A Japanese researcher claims to have found a way to fool fingerprint scanners up to 80 percent of the time, using household materials and a little lateral thinking.

According to the security newsletter Crypto-Gram, Tsutomu Matsumoto from Yokohama National University has evolved a technique that takes casts from fingers and builds fake digits from gelatin -- the stuff of jelly babies. With care, he says, all 11 of the current fingerprint scanning technologies he tested give a false positive 80 percent of the time using the fraudulent jelly extremity.

Anyone can do this, says the researcher. First, take some free-molding plastic, obtainable from hobby stores. Take a cast of your finger. Once the plastic has hardened, pour in gelatin, available in sheets from grocery stores, and let it set. Optionally, you can then hollow out the fake finger and slip it over your own, bringing it up to body temperature for sensors that check that; you can also moisten it slightly to give it the same conductivity and capacitance as real flesh. Matsumoto also points out that if challenged by a security guard, you can eat the evidence.

In a more practical vein, Matsumoto has demonstrated a variation that works from fingerprints left on glass or other surfaces. First, he enhances it with cyanoacrylate adhesive -- superglue -- which is a standard technique used by forensic specialists to make prints visible. Then he takes a picture with a digital camera, enhances the contrast in PhotoShop and prints it on a transparency. He then uses this to etch a photosensitive copper-plated printed circuit board -- widely used by electronic engineers and hobbyists. This produces a 3D relief map of the original fingerprint, which can be then used to create a cast. The rest is as before.

Bruce Schneier, editor of Crypto-Gram, points out that Matsumoto is not a professional faker but a mathematician and conducted his experiments in what was in effect a kitchen environment. If he can achieve a reliable 80 percent hit rate, Scheier says, even semi-professionals can do much, much more and the results are enough to scrap all fingerprint recognition systems immediately.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
90 out of 155 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

JAVA recognition! 38,000 to 40,000 North West

Gifted JAVA developers North West. The leading distributor of software products to the service industry currently seeks gifted Java developers to add ...

IS-RETAIL SAP SD/MM CONSULTANT GLOBAL GIANT TOP SALARY+BENEFITS LONDON

50K plus excellent benefits, IS-Retail SD/MM consultant required for one of UKs leading Retail Stores. You would be joining a successful company that ...

Project Support Analyst

Remember, at Morrisons, everything is fresh - fresh products for the 9 million shoppers who visit our stores each week; fresh ideas from every part ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Mobile Security Expert: Your Camera Ph...

Mobile Security Expert: Your Camera Phone Got Hacked Author: Eric Everson, Founder MyMobiSafe.com Have you ever heard someone say “I’d like to be a fly on the wall in that room.”?... More

Post a comment

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers