Also used by workers at the Opera House, Sao Paulo, Brazil,
You must have heard of the phantom of the opera?
Doctors at Ferraz de Vasconcelos hospital in Sao Paulo, Brazil, have reportedly fabricated fake fingers to fool biometric scanners. The scam came to light on Globo Television, whose text and video report shows one of the fake digits and a disguised interviewee. Sadly, your correspondent’s Portuguese language skills only …
You must have heard of the phantom of the opera?
I was amazed when a Spar shop here in the UK introduced a fingerprint and palm reader to be used as a clocking on and clocking off device. Apparently it was common practice to sign friends in if they were late now of course it is no longer possible...... Until now....
As an entrepreneur I will now market my silicon hand modelling kit through crowd sourcing. Investors may now que up and give me their money.
Lars -- when you've got your enterprise set up I'd like to download a few 'fingers' for my 3D printer . . .
Everytime some smartypants comes up with a control system, there's always someone someplace who's brain goes "clunk" and comes up with a "dumbass" workaround that the aforementioned smartypants never considered. Love it. Not thumbs down, just an action shot of the system in operation!
You really think the designers hadn't thought this to be a possibility? Seems rather naive to think that, especially since this technique has featured in many a film.
Obviously they were scamming public funds by logging extra hours.
The original report has a former doctor, who claims he resigned because of it, saying the department co-ordinator required doctors to do it and would fire anyone who wouldn't.
It wasn't just doctors involved, there were nurses and (presumably ambulance) drivers.
...the Gummi Bears. Log on as the whole department. Resist temptation to nibble fake fingernails...
I would think silicon would have to be ridiculously heavily doped for this sort of fleshy application. Based on one original Star Trek episode with silicon-based creatures, such "fingers" might even melt through the reader!
Mine's the jacket with the *silicone* finger in the pocket...
It says silicone now.
A Reg hack has corrected it without having the decency to thank you?
In one of the Mythbusters episode they also fooled the fingerprint reader, as far as I can remember at least two different ways.
Yes, they got a 'secure' fingerprint scanner that had never been cracked.
It was fooled by the aforementioned photocopy. And every other method they tried. Their conclusion was iirc that it had only never been cracked because nobody had ever tried to.
So this may work with some, but it won't work with all readers.
The last time I worked with fingerprint readers (admittedly very high-security ones), they would only operate if the finger was attached to a living human body. Given the environment they were used in, the worry was not so much that somebody would make fake silicone fingers, but that they would actually cut people's fingers off in order to gain unauthorised access.
Does it matter if it works on the one you need to fool?
almost all pc "fingerprint readers" are dumb enough to be fooled by a gummi bear.
Some advanced reader (claim to) use IR light and the Doppler to detect moving blood under the skin. Those scanners are not fooled by these fake fingers. I gather some scanners even OKed photocopies of fingerprints
What if the fake finger is just a hood you slip over your own finger?
"What if the fake finger is just a hood you slip over your own finger?"
For even better results, make the hood out of a material that is permeable to natural skin oils. Then you can not only get through biometrics as someone else, you can leave someone else's fingerprints at the scene of the crime!
Any materials scientists in the house?
Use finger or palm vein recognition instead. similar price, better recognition and you'd have to be pretty smart to produce a copy of your veins....
There are various approaches to making sure it's actually an "attached" finger. For a start, I only like the kind of readers you need to swipe your finger over (basically a sort of mini ridge scanner) because it stops you from leaving a latent print on the reader itself, and the one I liked most was a US one which was basically composed out of 4 rows of whatever number of mini antennae.
Ridges would dampen the signal and so register on the scanner, but due to the high frequency only a finger with enough mass behind it would manage that. At least, that's how I understood it - it's been 30+ years since I built my last pirate radio so I'm a bit out of it :). The main benefit of that scanner was that it was still very small.
In conclusion, I think this story could have only happened because someone skimped on the components used. Now *there* is a surprise..
This isn't exactly new. As reported in the Reg back in 2008, the Chaos Computer Club took Wolfgang Schauble's fingerprint from a glass and distributed 4,000 latex copies with their magazine Die Datenschleuder.
Pint, in wiped glass, in recognition of their fine work.
I loved that CCC stunt - I remember laughing out loud properly when I laid eyes on the headline. Couldn't have happened to a nicer idiot..
Cheap security gets fooled - nothing to see, move on.
Naturally the hospital prosthetics department will have expertise in making such things; taking a mould, making a cast and all that. I only mention it 'cos you'd think it'd be obvious to anyone putting such a system in a hospital, duh....
"create fingers with their own prints, somehow also create a phantom worker and someone then clocks on for both"
So they manage to create extra employees. Somehow I have to believe someone in HR is getting a cut of this action. Presumably to prolong the scam these phantom workers are also paying taxes, no? Well, that's enough to stop me from trying it, I have enough headaches with my own taxes.
Paris because someone mentioned Brazilian.
The office where I work uses fingerprint scanners as part of its access system. I don't know how easy it is to fool them with a fake finger, but in my experience it's almost impossible to gain access with a real one.
You put your finger on the scanner, there's a long delay, then an annoying American woman says "Access denied". By that time I've usually dug the standby plastic card out of my pocket.
hehehe. The one I use has two modes of operation: the main one where you stick your finger and it will grant access directly, showing your employee number, or the second one where you first input your employee number, *then* stick your finger. The first mode will sometimes go "timeout", while the second method will rarely fail. Maybe biometrics take too much time to match against the database?
Oh wait, I've also had "matching error" even with my emp ID. More like scanners suck....
Biting the hand that feeds IT © 1998–2018