back to article Fake fingers fool Brazilian biometrics

Doctors at Ferraz de Vasconcelos hospital in Sao Paulo, Brazil, have reportedly fabricated fake fingers to fool biometric scanners. The scam came to light on Globo Television, whose text and video report shows one of the fake digits and a disguised interviewee. Sadly, your correspondent’s Portuguese language skills only …

COMMENTS

This topic is closed for new posts.
  1. Winkypop Silver badge
    Coat

    Also used by workers at the Opera House, Sao Paulo, Brazil,

    You must have heard of the phantom of the opera?

    1. LarsG
      Meh

      As practiced in the UK?

      I was amazed when a Spar shop here in the UK introduced a fingerprint and palm reader to be used as a clocking on and clocking off device. Apparently it was common practice to sign friends in if they were late now of course it is no longer possible...... Until now....

      As an entrepreneur I will now market my silicon hand modelling kit through crowd sourcing. Investors may now que up and give me their money.

      1. Elmer Phud
        Go

        Re: As practiced in the UK?

        Lars -- when you've got your enterprise set up I'd like to download a few 'fingers' for my 3D printer . . .

  2. xyz Silver badge
    Thumb Down

    I just love the human spirit

    Everytime some smartypants comes up with a control system, there's always someone someplace who's brain goes "clunk" and comes up with a "dumbass" workaround that the aforementioned smartypants never considered. Love it. Not thumbs down, just an action shot of the system in operation!

    1. Anonymous Coward
      Anonymous Coward

      Re: I just love the human spirit

      You really think the designers hadn't thought this to be a possibility? Seems rather naive to think that, especially since this technique has featured in many a film.

  3. Anonymous Coward
    Anonymous Coward

    Original article

    Obviously they were scamming public funds by logging extra hours.

    The original report has a former doctor, who claims he resigned because of it, saying the department co-ordinator required doctors to do it and would fire anyone who wouldn't.

    It wasn't just doctors involved, there were nurses and (presumably ambulance) drivers.

  4. MrT

    Break out...

    ...the Gummi Bears. Log on as the whole department. Resist temptation to nibble fake fingernails...

    http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/

  5. MondoMan
    Coat

    Si?

    I would think silicon would have to be ridiculously heavily doped for this sort of fleshy application. Based on one original Star Trek episode with silicon-based creatures, such "fingers" might even melt through the reader!

    Mine's the jacket with the *silicone* finger in the pocket...

    1. Dave 62
      Unhappy

      Re: Si?

      It says silicone now.

      A Reg hack has corrected it without having the decency to thank you?

  6. Anonymous Coward
    Anonymous Coward

    Mythbusters

    In one of the Mythbusters episode they also fooled the fingerprint reader, as far as I can remember at least two different ways.

    1. Remy Redert

      Re: Mythbusters

      Yes, they got a 'secure' fingerprint scanner that had never been cracked.

      It was fooled by the aforementioned photocopy. And every other method they tried. Their conclusion was iirc that it had only never been cracked because nobody had ever tried to.

  7. localzuk Silver badge

    Not all fingerprint readers are the same

    So this may work with some, but it won't work with all readers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not all fingerprint readers are the same

      The last time I worked with fingerprint readers (admittedly very high-security ones), they would only operate if the finger was attached to a living human body. Given the environment they were used in, the worry was not so much that somebody would make fake silicone fingers, but that they would actually cut people's fingers off in order to gain unauthorised access.

    2. Alan Brown Silver badge

      Re: Not all fingerprint readers are the same

      Does it matter if it works on the one you need to fool?

      almost all pc "fingerprint readers" are dumb enough to be fooled by a gummi bear.

  8. Michael H.F. Wilkinson Silver badge

    Some advanced reader (claim to) use IR light and the Doppler to detect moving blood under the skin. Those scanners are not fooled by these fake fingers. I gather some scanners even OKed photocopies of fingerprints

    1. Luc Le Blanc

      What if the fake finger is just a hood you slip over your own finger?

      1. Franklin
        Thumb Up

        "What if the fake finger is just a hood you slip over your own finger?"

        For even better results, make the hood out of a material that is permeable to natural skin oils. Then you can not only get through biometrics as someone else, you can leave someone else's fingerprints at the scene of the crime!

        Any materials scientists in the house?

  9. Anonymous Coward
    Anonymous Coward

    Use finger or palm vein recognition instead. similar price, better recognition and you'd have to be pretty smart to produce a copy of your veins....

  10. Anonymous Coward
    Anonymous Coward

    Won't work with all readers..

    There are various approaches to making sure it's actually an "attached" finger. For a start, I only like the kind of readers you need to swipe your finger over (basically a sort of mini ridge scanner) because it stops you from leaving a latent print on the reader itself, and the one I liked most was a US one which was basically composed out of 4 rows of whatever number of mini antennae.

    Ridges would dampen the signal and so register on the scanner, but due to the high frequency only a finger with enough mass behind it would manage that. At least, that's how I understood it - it's been 30+ years since I built my last pirate radio so I'm a bit out of it :). The main benefit of that scanner was that it was still very small.

    In conclusion, I think this story could have only happened because someone skimped on the components used. Now *there* is a surprise..

  11. David Pollard
    Pint

    The Chaos Computer Club

    This isn't exactly new. As reported in the Reg back in 2008, the Chaos Computer Club took Wolfgang Schauble's fingerprint from a glass and distributed 4,000 latex copies with their magazine Die Datenschleuder.

    http://www.theregister.co.uk/2008/03/30/german_interior_minister_fingerprint_appropriated/

    Pint, in wiped glass, in recognition of their fine work.

    1. Fred Flintstone Gold badge

      Re: The Chaos Computer Club

      I loved that CCC stunt - I remember laughing out loud properly when I laid eyes on the headline. Couldn't have happened to a nicer idiot..

  12. JimmyPage Silver badge

    Yawn ...

    Cheap security gets fooled - nothing to see, move on.

  13. hugo tyson
    FAIL

    Hospital expertise

    Naturally the hospital prosthetics department will have expertise in making such things; taking a mould, making a cast and all that. I only mention it 'cos you'd think it'd be obvious to anyone putting such a system in a hospital, duh....

  14. Eddy Ito
    Paris Hilton

    phantom workers?

    "create fingers with their own prints, somehow also create a phantom worker and someone then clocks on for both"

    So they manage to create extra employees. Somehow I have to believe someone in HR is getting a cut of this action. Presumably to prolong the scam these phantom workers are also paying taxes, no? Well, that's enough to stop me from trying it, I have enough headaches with my own taxes.

    Paris because someone mentioned Brazilian.

  15. Kubla Cant
    FAIL

    In other news

    The office where I work uses fingerprint scanners as part of its access system. I don't know how easy it is to fool them with a fake finger, but in my experience it's almost impossible to gain access with a real one.

    You put your finger on the scanner, there's a long delay, then an annoying American woman says "Access denied". By that time I've usually dug the standby plastic card out of my pocket.

    1. Daniel B.

      Re: In other news

      hehehe. The one I use has two modes of operation: the main one where you stick your finger and it will grant access directly, showing your employee number, or the second one where you first input your employee number, *then* stick your finger. The first mode will sometimes go "timeout", while the second method will rarely fail. Maybe biometrics take too much time to match against the database?

      Oh wait, I've also had "matching error" even with my emp ID. More like scanners suck....

This topic is closed for new posts.