Multiverse 2.357
paused to apply patches
Fingerprint readers are commonly used today to unlock smartphones, as well as providing a second factor in physical access control systems. In the previous post we took a look at facial recognition systems, now let’s introduce some other types of biometric identifiers commonly used today.
Certain fingerprints will match a variety of similar prints; they can be searched for and collected for use in these types of systems. Worse still, synthetic fingerprints have been shown to be highly effective, against standard systems like the type used in consumer devices, they have been shown to match up to 77% of prints with only a 1% error rate. If this method of authentication becomes more widely used, people will likely improve these systems, so more accuracy is not the answer.
People have unique iris patterns that can be used as biometric identifiers as well. But this has proven troublesome too, as people do not typically cover their eyes in public places. With the advent of high resolution cameras, it is relatively easy to obtain detailed images of a person’s eyes.
The same Chaos Computer Club (CCC) in Germany that demonstrated fooling a smartphone secured by fingerprints using photographs of fingers has also shown that it is relatively easy to fool smartphone locking systems secured by iris scanning technology. They constructed dummy eyes and used them to unlock the devices in question.
Your veins also have unique patterns of arrangement and can be used to identify you. This requires close proximity, and involves optical scanning of part of the body to map the vein locations. Palms and eyes are often the parts which have easily observed veins and are often uncovered even in cold weather.
Because veins lie beneath the skin surface and because some sensors require blood to be flowing through the veins, these are possibly the most difficult biometric mechanisms to spoof. However, if this becomes more common, expect better spoofing technologies to follow, making this more of a cat and mouse game.
Vein recognition is beginning to get popular, with companies like Fujitsu building palm scanning devices into tablets and Apple patenting techniques for using vein recognition in smart watches. Hitachi also has some interesting technology to read vein patterns in users’ fingers which has devices that have been in use by multiple banks in Poland since they began this program in 2013.
Using any sort of biometric identifier at all is a bad idea, and puts your data in jeopardy. All systems have weaknesses that can be exploited, but in this case you have no recourse. It’s not easy to change your iris or facial structure after it has been compromised.
In the next post, we’ll take a closer look at national biometric databases in use today and the challenges associated with them. Then in future posts we’ll ake a look at newer techniques such as gait analysis, so stay tuned!