Further to the discussion and poll about using fingerprint scanners @ your public library (Naperville IL), Jerry Kuntz, Electronic Resources Consultant
at the Ramapo Catskill Library System told Pub-Lib readers about the following interesting article from PC World demonstrating that Gummi Bears can fool a fingerprint scanner…in a pinch.
The article’s author Andrew Brandt says, “After I enrolled my thumb, the optical reader accepted the gummi bear imitation as my Windows log-in. It didn’t get every gummi fingerprint; and the ones it did read, it didn’t see clearly every time. But the gummi print worked, over and over again. I also managed to enroll a lime-green gummi as a user, and then used my thumb to log on. Gummi and thumb were interchangeable for log-on purposes, though my thumb wasn’t nearly as delicious”.
I love it!
This is great! I absolutely adore the fact that this library went out of their way to spend money on these things and it turns out it’s so easy to defeat them. It kind of reminds me of a scene in Demolition Man where Wesley Snipe’s character removes someone’s eye to get past a retinal scanner.
Still, candy defeats security systems. This is almost as good as Sharpies uber copy-protection.
Re:I love it!
GWD–It shouldn’t have kept you out of good schools…it’s called “thinking out of the box” and it’s a good thing.
easy? Re:I love it!
Its only easy if you’re making gummy prints of your own fingerprint, and since you already have your own fingerprint, what’s the point?
The last paragraph:
In the end, these devices thwarted nearly all of my attempts to defeat them. But the gummi test shows that you can trick a fingerprint reader with something other than flesh and blood, and a hardcore snoop will pursue more-advanced methods.
This is my complaint. It would have to be a hardcore snoop no more matter what, cause frankly most people aren’t going to care about the kind of records we keep. So to spend tens of thousands of dollars on something thats going to lock out a lot of people who don’t care but not the handful who do seems like a big waster of resources.
Re:easy? Re:I love it!
Its only easy if you’re making gummy prints of your own fingerprint, and since you already have your own fingerprint, what’s the point?
I don’t know what their polices are at the library in question, but most places I’ve been to have a set amount of time someone can be on. Usually they also only allow you on once or twice per day.
So I’m a fifteen year old with some computer knowledge and gummie bears. I read the article or hear of it. I want more than half an hour of internet time. I have a brother who’s registered at the library, along with a mother and father who are also registered and don’t care what I do as long as I’m doing it somewhere else.
“Hey mom, dad! I need to roll your thumb on this gummie bear! It’s for a computer experiment!
Ta da! Instant extension of time * 3. Now, when my session runs out I’ve got mom’s, dad’s, and even little bro’s fingerprint- along with sugary snacky goodness.
Hell, the kid doesn’t even have to use his family, he’s got friends. And I’m sure, given time they’d find something better than candy to maintain a print. Certain clays might work well for such a project.
In the end, the only good kind of fingerprint scanner would be a biometric one that tests for temperature and pulse. After all, if I really need to get through a secured door with a print scanner I don’t need a guard… I need their finger. You know, a finger. Something easily removed and placed in a pocket.
Defeating security.
Sure, the hard core types are gonna figure out a way to hack around it.
The soft-core types are going to put a USB pass-through on the back of the computer, where the scanner plugs in, and have it copy the data-stream of a few dozen fingerprints/iris scans. Then have their pick of who they want to log in as.
But the worst ones are just gonna keep putting super-glue on the reader so that NOBODY’s prints work. Or clip the cable. Eventually the institution is going to get tired of replacing the biometric equipment.