Biometric Security – Little Known Exploits

There’s a whole lot of hype surrounding biometric technology, and the indisputable convenience that it provides. These days it can be found on everything from laptop computers to bank vaults, offering speedy entry and a unique level of security.

The technology employs scanners, often linked to security equipment, to recognize biological patterns of users attempting to gain access. By this logic, if a man wanted to bypass a biometric fingerprint scanner, his fingerprint would have to match that of the correct pattern stored in the system. In other words, he has to prove he is who he claims to be.

Fingerprint and facial recognition are popular for a reason; they works well enough to satisfy their general market, and it’s hard to deny their charming appeal; reminiscent of 007 on some levels. While the technology has come very far and improves on accuracy and reliability every day, it’s far from perfect. This alluring class of security can be bypassed with a clever bit of ingenuity.

During an episode of Discovery Channel’s Mythbusters, the shows hosts, Adam Savage and Jamie Hyneman set out to expose whether or not biometric scanners can be exploited for false acceptance. Much to the surprise of most of their viewers, as well as the Mythbusters themselves, they succeed in their exploitation with relative ease.

Because many more advanced biometric scanner models utilize temperature and pulse reading instruments to verify the authenticity of the scan, their first attempt was rather complicated. They placed a carefully formed ballistics gel mold, crafted from the scanner owner’s fingerprint, on a latex glove, licked it to simulate sweat, and opened the lock with a successful scan. By the time they had finished their testing, they proved it possible to bypass a fingerprint scanning lock with nothing but a photocopy of the owner’s fingerprint!

Facial recognition is generally accepted as more advanced, and thus a more reliable measure of security than its fingerprint reading counterpart. Unfortunately, this realm of the biometrics field appears to also have its work cut out for it. At a recent Black Hat conference, a security vulnerability research team, lead by Nguyen Minh Duc, effectively shocked their audience by showing how a facial recognition scanner could be fooled using nothing but a printed picture of the owner’s face.

Biometric technology certainly has incredible potential, and as it currently stands, it’s an effective means of adding multiple layers of security to an advanced system. That said, however, this illustration of its loopholes point out how far the field must go to ultimately sew up its imperfections.

Leave a Reply

Your email address will not be published. Required fields are marked *