Also used by workers at the Opera House, Sao Paulo, Brazil,
You must have heard of the phantom of the opera?
Doctors at Ferraz de Vasconcelos hospital in Sao Paulo, Brazil, have reportedly fabricated fake fingers to fool biometric scanners. The scam came to light on Globo Television, whose text and video report shows one of the fake digits and a disguised interviewee. Sadly, your correspondent’s Portuguese language skills only …
I was amazed when a Spar shop here in the UK introduced a fingerprint and palm reader to be used as a clocking on and clocking off device. Apparently it was common practice to sign friends in if they were late now of course it is no longer possible...... Until now....
As an entrepreneur I will now market my silicon hand modelling kit through crowd sourcing. Investors may now que up and give me their money.
Everytime some smartypants comes up with a control system, there's always someone someplace who's brain goes "clunk" and comes up with a "dumbass" workaround that the aforementioned smartypants never considered. Love it. Not thumbs down, just an action shot of the system in operation!
Obviously they were scamming public funds by logging extra hours.
The original report has a former doctor, who claims he resigned because of it, saying the department co-ordinator required doctors to do it and would fire anyone who wouldn't.
It wasn't just doctors involved, there were nurses and (presumably ambulance) drivers.
The last time I worked with fingerprint readers (admittedly very high-security ones), they would only operate if the finger was attached to a living human body. Given the environment they were used in, the worry was not so much that somebody would make fake silicone fingers, but that they would actually cut people's fingers off in order to gain unauthorised access.
"What if the fake finger is just a hood you slip over your own finger?"
For even better results, make the hood out of a material that is permeable to natural skin oils. Then you can not only get through biometrics as someone else, you can leave someone else's fingerprints at the scene of the crime!
Any materials scientists in the house?
There are various approaches to making sure it's actually an "attached" finger. For a start, I only like the kind of readers you need to swipe your finger over (basically a sort of mini ridge scanner) because it stops you from leaving a latent print on the reader itself, and the one I liked most was a US one which was basically composed out of 4 rows of whatever number of mini antennae.
Ridges would dampen the signal and so register on the scanner, but due to the high frequency only a finger with enough mass behind it would manage that. At least, that's how I understood it - it's been 30+ years since I built my last pirate radio so I'm a bit out of it :). The main benefit of that scanner was that it was still very small.
In conclusion, I think this story could have only happened because someone skimped on the components used. Now *there* is a surprise..
This isn't exactly new. As reported in the Reg back in 2008, the Chaos Computer Club took Wolfgang Schauble's fingerprint from a glass and distributed 4,000 latex copies with their magazine Die Datenschleuder.
http://www.theregister.co.uk/2008/03/30/german_interior_minister_fingerprint_appropriated/
Pint, in wiped glass, in recognition of their fine work.
"create fingers with their own prints, somehow also create a phantom worker and someone then clocks on for both"
So they manage to create extra employees. Somehow I have to believe someone in HR is getting a cut of this action. Presumably to prolong the scam these phantom workers are also paying taxes, no? Well, that's enough to stop me from trying it, I have enough headaches with my own taxes.
Paris because someone mentioned Brazilian.
The office where I work uses fingerprint scanners as part of its access system. I don't know how easy it is to fool them with a fake finger, but in my experience it's almost impossible to gain access with a real one.
You put your finger on the scanner, there's a long delay, then an annoying American woman says "Access denied". By that time I've usually dug the standby plastic card out of my pocket.
hehehe. The one I use has two modes of operation: the main one where you stick your finger and it will grant access directly, showing your employee number, or the second one where you first input your employee number, *then* stick your finger. The first mode will sometimes go "timeout", while the second method will rarely fail. Maybe biometrics take too much time to match against the database?
Oh wait, I've also had "matching error" even with my emp ID. More like scanners suck....