
CCC Fake Fingerprint - jacquesm
http://www.youtube.com/watch?v=3M8D4wWYgsc
======
hussong
The funny part is that they also managed to gather the fingerprint of then
German Home Secretary Wolfgang Schäuble (an outspoken proponent of biometric
authentication technology) and published it in the club magazine
"Datenschleuder". On clear tape, ready to stick it on your own fingertip...

[http://www.h-online.com/newsticker/news/item/CCC-publishes-f...](http://www.h-online.com/newsticker/news/item/CCC-publishes-fingerprints-of-German-Home-Secretary-734713.html)

<http://www.edri.org/edrigram/number6.7/fingerprint-schauble>

------
fab13n
My brother (not a twin, physically very different from me) once came with an
HP laptop with fingertip unlock, and my finger unlocks it ~50% of the time.

I suspect those systems to be set with an extremely high level of tolerance; if
they aren't, they probably often fail to recognize legitimate fingerprints and
people revert to the old, not-hardware-vending passwords.

~~~
jacquesm
It'd be interesting to benchmark this trick against commercial grade systems.

The hardest part of fingerprint analysis is not the matching but figuring out
if the finger is still attached to the body that it originally came with, and
then if the print is still attached to the original finger.

------
jacquesm
For all of those in the 'I've got nothing to hide so let me put my
fingerprints / DNA and whatever else' on file.

That way you can skip all the messy steps and start from the filed data.

------
abyssknight
Wow, that is surprisingly simple. I'd heard that fingerprint readers were
easily fooled, but that's crazy. Good find!

How long until this is someone's start up idea?

------
Groxx
Fingerprint sensors, even the extremely-high-end, are rather laughably easy to
fool. Never rely on them for identification. Period.

For instance, if you've got one that also measures GSR to generate the image,
you just make the end-product out of ballistics gel that has the same
conductivity. No really, it's been done, and it works rather flawlessly.

Simple examples can be found from the Mythbusters, including breaking some of
the "super" secure ones:
[http://en.wikipedia.org/wiki/MythBusters_(2006_season)#Finge...](http://en.wikipedia.org/wiki/MythBusters_\(2006_season\)#Fingerprint_Lock)
and
[http://www.metacafe.com/watch/250607/mythbusters_high_tech_s...](http://www.metacafe.com/watch/250607/mythbusters_high_tech_security_system/)
("never been broken," my shiny metal ass)

Alternatives that show more promise are iris scanning, retina scanning, and
whatever that back-of-hand blood vessel scanning is that I saw a while ago
(infra red, if I remember right).

------
viraptor
I wonder how long it takes YouTube to remove the video. I really expect it
to happen (in the name of taking down harmful instructions for terrorists,
etc.)... Otherwise - most of the things that come from CCC are good learning
materials.

~~~
jacquesm
If they were to remove it I think it would have happened already.

The video was posted in '06 and has since had about 23,000 views.

~~~
viraptor
That's 23k visits over 4 years - it's barely a blip on their radar. Let's see
what happens after half of HN visits the link and someone blogs about it. (I
may be wrong of course, but there were some cases of "dangerous" material
being removed before afair)

~~~
trin_
I doubt they're going to take it down. A different version of this was aired
on German television one or two years ago.

One show even picked it up and worked with the CCC to show that the
self-service sales stations that one of the largest supermarket chains (EDEKA)
was introducing, which had fingerprint auth, were not safe.

------
abless
Sort of related: [http://www.silicon.com/management/public-sector/2008/09/26/i...](http://www.silicon.com/management/public-sector/2008/09/26/id-card-will-drown-in-a-billion-mismatches-39294213/)

It seems to me like Iris recognition is much more reliable, although I don't
know how easy it is to fool the system. John Daugman's web page contains lots
of _really_ interesting material: <http://www.cl.cam.ac.uk/~jgd1000/>

~~~
trin_
The problem here is just that iris recognition is not yet a mass market
product. Fingerprint readers are built into laptops etc. and you can buy a USB
fingerprint reader for very little money.

------
rrhyne
It's all about the quality of the reader. Not all are alike.

This spoof is likely against a silicon reader. Most silicon readers can be
spoofed with molded fingerprints and gummy bears. Optical scanners can be
spoofed with black and white printouts. Neither are very usable.

<http://integratedbiometrics.com> makes a fingerprint scanner that senses a
live finger and is immune to this kind of attack.

------
delackner
There was a bit in the news a few months back that a woman from mainland China
used surgically altered fingerprints to gain entry into Japan (after
multiple deportations). Notably she was not caught because of the fakes, but
simply after they arrested her later for other reasons.
<http://news.bbc.co.uk/2/hi/8400222.stm>

------
tlrobinson
So _that's_ why attempting to superglue my classic Game Boy screen cover back
on ruined it :(

<http://img110.yfrog.com/i/sxnm.jpg/>

~~~
Groxx
A definite possibility, though the other is that superglue reacts with
plastics, sometimes quite destructively. Fumes alone can eat up plastic films,
for instance. It's quite possible the fumes simply screwed up the surface of
the plastic enough to look white.

~~~
tlrobinson
You can't see in that photo but there's a very clear fingerprint on it. But
your explanation makes sense too.

------
seven
Nojokesaboutrevokedthumbsplease!

As this video is quite old, but got a lot of attention, perhaps you would like to
take a look at: ftp://ftp.ccc.de/ where more CCC material is hosted.

------
chrischen
IIRC they did this successfully on MythBusters although their process was much
more elaborate.

