Fake fingers from China

These images are from internet-based businesses in China. They are advertising a series of finger attachments complete with random fingerprints. The purpose is to provide people with a method of defeating fingerprint identification ranging from time/attendance to border access. The price is $15 US per unit.


I have no idea what level of sales have been achieved or what level of usage is occurring. It’s interesting that the average person on the street can obtain the product. It makes me wonder how far state-sponsored efforts have progressed.


The image of the simpler wrap shows a method that claims to pass liveness testing. I cannot be for certain if any of the products would spoof modern readers although that is clearly the intent. A person could slip on the fingers and then use a fingerless-glove, bandages, or something else to hide the prosthetic.


Like pirating, we are starting to see the escalation between security and countermeasures.

New Hampshire bill would ban biometrics in ID cards

Acting out of concerns for residents' privacy, the New Hampshire Legislature is considering a bill that would ban the use of biometrics data in identification cards. But at least two trade groups oppose the legislation, saying biometrics technology has a number of security benefits, namely around ID management. The bill would prohibit biometrics data, including fingerprints, retinal scans and DNA, from being used in state or privately issued ID cards, except for employee ID cards. In addition, it would ban the use of ID devices or systems that require the collection or retention of an individual's biometric data. Under the bill, biometric data would also include palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics and hand characteristics.

http://www.scmagazineus.com/new-hampshire-bill-would-ban-biometrics-in-id-cards/article/163509/

Denying an entire technology, even a disruptive one, seems a little draconian. I agree that any biometric implementation should have privacy concerns woven in from the start. Perhaps the legislation should focus on assuring protection, rather than prohibiting technology. I am sure that many of the residence of New Hampshire would want a new Passport (with biometric enabled microchip) or perhaps those who have trouble remembering their bank PINS could use an alternative (biometric). 

Tapes used to spoof fingerprint readers. Need for film detection for fingerprint readers

Tapes used to spoof fingerprint readers. Need for film detection for fingerprint readers

Two South Korean women have managed to fool Japan’s expensive biometric border-control system by using special tapes on their fingers; the invisible tape carries the finger prints of another person, and the South Korean broker who supplied the tape also provided false passports to go with it.

You can read about the incident here: http://homelandsecuritynewswire.com/japanese-biometric-border-fooled-tape

Many fingerprint readers now have some liveliness testing incorporated. In its simplest form this would be an observer confirming that the presented finger belongs to the applicant. There are electronic liveliness checks as well such as detection of blood vessels, temperature, and even perspiration changes along the fingerprint ridges.

Much has already been done for counterfeit iris detection based on texture analysis to detect when individuals are wearing contact lenses. In summary the 'ridge' of the lens is detected; although there are many ways to find this including the use of the infrared spectrum.

Links on iris detection are as follows:

1) figment.csee.usf.edu/~sfefilat/data/papers/TuBT6.1.pdf
2) www.nd.edu/~kwb/RingBowyerBTAS_2008.pdf

It seems that similar research needs to be incorporated into fingerprint scanners, to deter the circumvention by use of tapes. Tape ridges, or their material, could be detected through an application of additional spectrum analysis instead of pure pressure sensors currently available in most fingerprint reader models.

Fun news for fingerprinting

Priest checks fingerprints for mass attendance
Reuters Fri Jan 29, 11:46 am ET

WARSAW (Reuters) – A Polish priest has installed an electronic reader in his church for schoolchildren to leave their fingerprints in order to monitor their attendance at mass, the Gazeta Wyborcza daily said on Friday.

The pupils will mark their fingerprints every time they go to church over three years and if they attend 200 masses they will be freed from the obligation of having to pass an exam prior to their confirmation, the paper said.

The pupils in the southern town of Gryfow Slaski told the daily they liked the idea and also the priest, Grzegorz Sowa, who invented it.

"This is comfortable. We don't have to stand in a line to get the priest's signature (confirming our presence at the mass) in our confirmation notebooks," said one pupil, who gave her name as Karolina.

Poland is perhaps the most devoutly Roman Catholic country in Europe today and churches are regularly packed on Sundays.

(Reporting by Kuba Jaworowski, editing by Paul Casciato)