[HN Gopher] Fingerprints can be hacked
___________________________________________________________________
Fingerprints can be hacked
Author : SerCe
Score : 606 points
Date : 2021-11-22 13:38 UTC (9 hours ago)
(HTM) web link (blog.kraken.com)
(TXT) w3m dump (blog.kraken.com)
| m00dy wrote:
| Do you think that a 3d printer can replace the whole process ?
| gruez wrote:
| It probably lacks the resolution to do it. That said, why do
| you want that when a 2d printer works fine?
| resoluteteeth wrote:
| FDM printers probably don't have a high enough resolution,
| but I wonder if new high resolution resin printers like the
| phrozen sonic 8k mini ($600) have a high enough resolution to
| do it.
| Workaccount2 wrote:
| Only optical scanners would be fooled, capacitive and
| ultrasonic readers actually read the 3D ridges of your
| finger.
| gruez wrote:
| The 3d ridges from the 2d printer comes from the raised
| lettering, which is transferred to the dried acetate glue.
| fukpaywalls2 wrote:
| Well, they definitely can be hacked off
| [deleted]
| paulpauper wrote:
| The big problem with fingerprint is you may void your 5th
| amendment right
| cblconfederate wrote:
| i guess faceid should be even easier since u can recreate a face
| from a few public photos.
|
| Plus the good thing about fingerprints is that most people have
| learned from movies+tv that fingerprints are not secret and can
| be faked
| [deleted]
| gumby wrote:
| > while your fingerprint is unique to you,
|
| Has this been proven to some degree or is it merely a conjecture.
|
| I suppose by now, governments have collected enough fingerprints
| to pretty much confirm this, but I haven't seen any studies.
| 100c1p43r wrote:
| Well, you just leave your "password" on the device ;)
| 101_101 wrote:
| humm cheaper than a rubber hose, but too slow.
| evancoop wrote:
| The broader argument here is less about fingerprints, and more
| about using anything immutable as authentication. You cannot
| change your fingerprints. You cannot change your social security
| number (at least not easily). These should therefore, NEVER be a
| primary method to authorize access to anything. Once stolen, the
| proverbial horse is out of the barn.
| TheJoeMan wrote:
| It would be funny to use this technique to make fake
| fingerprints that are used as the keys. "Hardware key on MBP!"
| h2odragon wrote:
| You can in fact change your fingerprints; glassblowing and
| metalwork, for example, offer numerous opportunities to do so.
| Joker_vD wrote:
| Don't they regenerate? I vaguely recall reading that
| criminals have tried lots of surgical ideas but none would
| last longer than a couple of months.
| h2odragon wrote:
| if they do you're not burning deep enough
|
| I dunno, I have psoriasis on my hands bad enough that
| sometimes i dont properly speaking have skin on some
| fingertips, so my experiences aren't normal.
|
| I recall hitting someones' demo of the "first PAM
| integrated fingerprint ID system" in '98 and crashing their
| machine repeatedly with my thumb. It couldn't even scan me.
| thomascgalvin wrote:
| Biometrics have both a high False Acceptance Rate - they will
| accept invalid input - _and_ a high False Rejection Rate - they
| will deny valid input. Scanners can be tuned one way or the
| other, preferring FAR or FRR, but either way, they are kind of
| unreliable.
|
| This is why multi-factor authentication is a thing. Generally,
| pick two: something you have, something you know, or something
| you are.
|
| If the scanner doesn't like your fingerprint this morning, just
| use your proximity badge instead, and if someone takes a photo of
| your fingerprint, it's still useless unless they also know your
| PIN.
|
| The issue is that a lot of our hardware, particularly phones and
| laptops, is single-factor authentication. And on top of that,
| this hardware knows the login to a bunch of other very sensitive
| material, like your bank accounts.
| AtNightWeCode wrote:
| As an IT professional you should know to never use fingerprints
| or facial recognition for logins.
| mdp2021 wrote:
| It seems you are stating that biometrics should not be used to
| restrict account access according to specific individuals
| ("John can only access john.harrey and finance.12")
| kingcharles wrote:
| Also remember, in the USA, the police can legally force your
| finger onto a reader to defeat the lock, without violating your
| 5th Amendment right against self-incrimination.
| _justinfunk wrote:
| Remember (on an iPhone) you can squeeze the power button and
| one of the volume keys for a few seconds. This disables
| biometric authentication until a passcode is entered.
|
| This can protect you against this "attack vector".
| GuB-42 wrote:
| No, the fingerprints are not hacked. The MacBook Pro scanner is.
|
| Fingerprints and biometrics in general are not a secret. Consider
| your fingerprint like your face. Anyone can reproduce your face,
| there are cameras everywhere, and it is probably already easy to
| find on the internet. "Hacking" your face by taking a picture is
| the most boring "hack" ever.
|
| Now, if I print your face on a piece of paper, wear it as a mask
| and try to say to a security guard that I am you, normally, he
| won't let me in. If he does, the problem is not that I managed to
| make a paper mask with a picture of you, this will always be
| possible, the problem is that your guard is stupid and you need a
| better one.
|
| And if your fingerprint scanner can be fooled by a dab of glue
| and a laser printer, you probably need a better scanner,
| something that Apple should be able to do. Smartphone
| manufacturers like Apple are usually good at bringing fancy tech
| to the masses, and they could work on defeating these old
| attacks.
| CountDrewku wrote:
| Eh... fingerprints are quite a bit simpler than faces. They're
| just patterns. I don't know how you could detect a fake
| fingerprint. You'd need something that could tell there wasn't
| real skin on the device. I would say warmth but obviously he
| has the fake skin over his actual thumb so it's probably still
| warm.
| GuB-42 wrote:
| Yes, I really meant fake fingers, not just fake fingerprints.
| And there is plenty of research on that subject.
|
| Possible ways of detecting a fake fingerprint (beside
| warmth):
|
| - Blood (we could use one of these cheap SpO2 sensors)
|
| - Capacitance
|
| - Perspiration and related skin resistance
|
| - Microscopic skin details
|
| And the usual machine learning solution of feeding thousands
| of real and fake fingerprints to a neural network and letting
| it decide.
|
| As all living things, fingers are far from simple, there are
| plenty of details beyond the obvious pattern. It is a bit
| like a banknote, you can photocopy a banknote and it is very
| east to identify the banknote you copied. But it is very hard
| to pass it off as a real one to someone who knows where to
| look.
| p2p_astroturf wrote:
| damn i need more sockpuppet accounts so i can list all my snarky
| comments:
|
| - no shit, use public keys
|
| - your 2FA can also be hacked
|
| - your company forcing 2FA is insufferable like all modern web
|
| - your KYC is literally pointless since i already gave those same
| ID photos to 100 different companies, few to none of which are
| competent enough to keep them secret
|
| EDIT: huh, this is actually a good article. but it's still ironic
| since it's coming from a company that follows all the standard
| snake oil
| daneel_w wrote:
| People commonly mistake biometrics for authentication; they are
| only shallow identification.
| no_time wrote:
| By "laser printer" do they mean regular office printer or laser
| engraver? It's a bit hard to believe that the super thin layer of
| black paint produces an imprint thats significant enough for this
| to work.
| krzyk wrote:
| OK, so here goes fingerprint scanner on phones that some thought
| is more secure than Face Unlock and similar.
| neycoda wrote:
| So it's not easy.
| rogelin wrote:
| Firgerprints are usernames, not passwords.
| trulyme wrote:
| The biggest problem imho is that we only have two states on our
| phones - locked and unlocked.
|
| Ideally, I should be able to unlock the phone and take photos
| using just my fingerprint. In my case I would also like to be
| able to call, message, play games and similar. But to access the
| 2fa app, cryptoasset app or similar, I must further authenticate
| in a way that I only reveal _parts_ of my secret ( "Enter 3rd,
| 8th and 11th character of your password:"). The assumption here
| is that I will mostly authenticate in a private setting, but
| sometimes I might not have that luxury.
| paxys wrote:
| You can already configure apps you are allowed to use on iPhone
| & Android without unlocking the device. And individual apps are
| anyways free to implement their own security mechanisms.
| cblconfederate wrote:
| "now place your left index, then your right pinky" etc.
| Labo333 wrote:
| Nice concept!
|
| It made me realize this is the purpose of PINs for some apps
| (eg Signal)
| menage wrote:
| On Android (don't know about iOS) you can take photos without
| even unlocking - double press on the power button opens the
| camera. You can't access anything else (including existing
| photos in the camera roll).
| trulyme wrote:
| True, and it is a step in right direction. However I still
| don't want to expose my bank app credentials every time I
| show someone my vacation photos.
| abletonlive wrote:
| you definitely don't need to unlock to take photos on iOS.
| redler wrote:
| It works the same way on iPhones. The lock screen includes a
| camera button. When tapped, the phone enter a camera-only
| mode in which only photos taken during that session are
| accessible.
| scottLobster wrote:
| Think this is still overestimating the threat. It's kinda like
| saying you can hack someone's password by watching video of them
| typing. True, but also non-trivial.
|
| If you're already being personally targeted by an organization
| professional enough to follow you around, take a photo of your
| fingerprint on something you touched, then painstakingly
| reproduce said fingerprint through highly technical means and
| then gain physical access to your personal device that uses a
| fingerprint reader to use said fingerprint, you should be aware
| of your position and have multi-factor authentication set up for
| everything anyway.
|
| For your average everyday person fingerprint security is fine.
| The thief who snatches your phone when you step away from your
| table in the mall food court isn't going to be able to crack it
| via this method.
| kurthr wrote:
| Yep, physical proximity is a huge barrier to any attack, and
| requiring persistent physical access even more so. If you have
| a plug in USB keyboard, this sort of quick attack through MitM
| passthrough is even easier.
|
| However, having some experience with biometric sensors the
| False Accept/Reject ratio both for matching the fingerprint and
| detecting "liveness/spoof" is a BIG DEAL. Matching many prints
| or to many people is also MUCH HARDER (combinatorically). At
| high SNR (more expensive, higher resolution, larger sensor,
| higher power, longer latency) these problems can be largely
| mitigated with accurate recognition and very difficult to spoof
| systems. Those aren't the ones people attack for online fame.
|
| However, when display integrated ultra-thin low cost very
| convenient matching is required... it will trade off for False
| Accept/Reject ratios and make the system significantly (orders
| of magnitude) less accurate. Unfortunately, it appears that the
| old MacBook touchbar integrated sensor has sacrificed
| significantly in this area.
|
| Time of Flight 3D sensors make spoofing Face ID with easily
| carried biometrics significantly more challenging (they tend to
| be head sized).
| xoa wrote:
| Agree with your overall post entirely, the thing about physical
| attacks is they don't scale well. If you're subject to an
| actual individual threat, it's a whole different and enormously
| scarier/more challenging threat scenario.
|
| > _Think this is still overestimating the threat. It 's kinda
| like saying you can hack someone's password by watching video
| of them typing. True, but also non-trivial._
|
| Isn't that genuinely getting pretty trivial in public though?
| And in turn I think that is a real argument for biometrics too.
| The amount of over-the-shoulder camera surveillance in business
| and urban areas is pretty scary at this point, as are the
| concealability and cheapness of even very tiny spy cams. There
| have been plenty of scandals around it even in things like
| AirBNBs or hotels, historically from the context of sex, but
| not a stretch to imagine that passwords could be a much bigger
| and more lucrative target. And ML/AI is getting ever more
| sophisticated, and humans entering PINs/passwords is pretty
| repetitive behavior with a high degree of uniformity in how
| it's done, at least the device-unlock level. Seems very
| amenable to highly reliable automated analysis, to the extent
| I'd be genuinely surprised if that's not secretly deployed
| already in surveillance states.
|
| I don't enter PINs/passwords in public anymore if I can
| possibly help it. It just seems scalable in a way that physical
| attacks aren't.
| anonymfus wrote:
| _> If you're already being personally targeted by an
| organization professional enough to follow you around, take a
| photo of your fingerprint on something you touched, then
| painstakingly reproduce said fingerprint through highly
| technical means and then gain physical access to your personal
| device that uses a fingerprint reader to use said fingerprint,
| you should be aware of your position and have multi-factor
| authentication set up for everything anyway._
|
| But the whole point is that it's easier than you describe as
| people make photos with fingerprints themself accidentally, and
| technical means to reproduce fingerprints are not highly
| technical.
| [deleted]
| grifball wrote:
| Myth busters did this:
|
| https://m.youtube.com/watch?v=MAfAVGES-Yc
|
| ?13? Years ago?
| kartoshechka wrote:
| 2FA can be bamboozled too, given that SMS is kinda a security
| joke
| ineedasername wrote:
| The problem with any lock is that, fundamentally, it is _made to
| be opened_ when certain conditions are met. And that 's putting
| aside any sort of brute force approach.
|
| Good security design is as much about asking, from first
| principles, "what conditions need to be met to open this?" as
| about considering how it might be attacked.
|
| For example, the condition to be met for a pad lock to open is
| _not_ "when the proper key is inserted" or "the key pins are
| raised to the appropriate level". It's something more basic--
| like "when the locking bar no longer blocks the shackle from
| rising."
|
| From that perspective, attacking the key hole and pins is only
| one of multiple vectors.
| amelius wrote:
| Or you just open the lock with a bolt cutter.
| 1cvmask wrote:
| My favorite photograph of a fingerprint is when the Chaos
| Computer Club reproduced the German Foreign ministers fingerprint
| from a photo. So much for military grade security.
|
| https://www.dw.com/en/german-defense-minister-von-der-leyens...
|
| -
|
| The core problems with biometrics are that:
|
| 1) Not revokable (unlike compromised credentials)
|
| 2) Not a secret
|
| 3) Usually trivial to reproduce and spoof (even "liveliness"
| tests)
| babypuncher wrote:
| My problem with this reasoning is that it leads people to think
| that biometrics therefore shouldn't be used.
|
| Can biometrics be spoofed? Absolutely. Is it likely to happen
| to the average person? Not at all. For a typical everyday user,
| a fingerprint or face scan is probably more secure than the
| common alternatives of "sticky note" passwords, easily guessed
| PINs, or no authentication at all.
|
| Biometrics are a compromise between security and convenience.
| Before iPhones got Touch ID, it was not uncommon for people to
| just not put a lock on their phone out of convenience. Now it
| is impossible to find an iPhone out in the wild that is not
| fully encrypted. The average level of security on consumer
| devices that hold sensitive information has increased
| dramatically thanks to biometrics.
| Spivak wrote:
| This meme really really has to die. It's so annoying that it's
| spread so far. Biometric security (i.e something you are) does
| not need to be secret nor revoked. That's the _entire point_.
| It 's a piece of information that even when it's known by
| everyone still can't be reproduced.
|
| The strength of a security system based on biometrics is
| _exactly_ how well that system can detect that it 's reading
| from an living breathing human.
|
| - Perfect: A human guard manually taking a fingerprint reading.
| Can't be beat because the guard can obviously see that it's not
| really your hand.
|
| - Shit: A camera that compares pictures.
|
| The entire industry is about making an autonomous system that
| gets as close as possible to perfect. It's fine to say that you
| don't think it's good enough right now but "oh no I lifted a
| fingerprint from a photo" isn't some security breach.
| alasdair_ wrote:
| >- Perfect: A human guard manually taking a fingerprint
| reading. Can't be beat because the guard can obviously see
| that it's not really your hand.
|
| "Perfect" is too strong a statement. This is only true if the
| guard very carefully checks every fingertip to ensure nothing
| is glued over your normal fingertips, and even then it's
| possible to distract the guard or rush them with a socially-
| engineered premise. Or just bribe or blackmail them.
| imwillofficial wrote:
| You're missing the point.
|
| Biometrics are not the weakness. Current implementations
| are.
| philovivero wrote:
| > That's the entire point. It's a piece of information that
| even when it's known by everyone still can't be reproduced.
|
| And yet, it can be reproduced. So it seems like the entire
| point is... invalid.
| Spivak wrote:
| Produce me a living breathing human with a chosen
| fingerprint -- biometrics are not "a picture of your
| fingerprint is the password."
| fragmede wrote:
| But similar to hash collisions, a total break (arbitrary
| hash values can be output) isn't required for it to be a
| problem. Where fingerprint scanners aren't magic
| (especially given the sloppiness of input data), that
| they're defeatable in corner cases should be enough to be
| worrisome.
| Spivak wrote:
| Right but _exactly_ like hashing you can set the
| difficulty of breaking it to your risk tolerance.
|
| Your phone should probably be a little loose but the
| retina scanner at the datacenter of the dod will be a lot
| stricter.
| imwillofficial wrote:
| That's not a thing (Re: dod)
| justin_oaks wrote:
| My thought is that biometrics should be the root of identity,
| not the endpoint. You shouldn't need to scan your retina,
| fingerprint, or face at every point you want to verify your
| identity. Instead you use other things like public key
| cryptography to verify your identity remotely, id cards
| (perhaps with strong cryptography) for in-person
| interactions, etc.
|
| Lost/stolen cryptographic keys or ID cards could be revoked
| and would require a trip to your a certified biometric
| verification facility where a thorough in-person inspection
| would confirm that your fingerprints are real, you aren't
| using a fake eye, etc. Then you'd be issued new keys/cards at
| that location. Loss of ID is inconvenient, but not
| catastrophic. Leaking your biometrics is irrelevant.
|
| Is it an infallible system? Certainly not, but it should be
| able to uniquely identify someone and not allow faking
| biometrics.
| JohnFen wrote:
| > Biometric security (i.e something you are) does not need to
| be secret nor revoked. That's the entire point. It's a piece
| of information that even when it's known by everyone still
| can't be reproduced.
|
| If that's the point, the effort is doomed. All biometrics
| will be able to be reproduced sooner or later. There's no way
| around that.
|
| So, like all other identifiers, revocation is an important
| trait. Even if successful reproduction is difficult and rare,
| it would be utterly devastating to those affected unless
| there's a way to revoke.
|
| > Perfect: A human guard manually taking a fingerprint
| reading. Can't be beat because the guard can obviously see
| that it's not really your hand.
|
| Not at all perfect. Can that human guard really see if you're
| wearing a fake fingerprint? I doubt it, unless he's closely
| examining everyone's fingerprints first. And even then...
| Spivak wrote:
| > If that's the point, the effort is doomed. All biometrics
| will be able to be reproduced sooner or later. There's no
| way around that.
|
| All encryption will eventually be broken therefore what's
| the point is a pretty bad security posture. But like no it
| won't. Even if you can fake every other metric (good luck
| with eyes) a fresh blood sample taken by a guard with
| hypothetical futuristic instant DNA sequencing will never
| be broken. If your threat model is someone cloning you, the
| you have bigger problems and they still can't clone your
| fingerprints!
|
| You've got revocation completely ass-backwards. If someone
| successfully tricks a biometric system you don't need to
| revoke someone's fingerprint, you revoke the reader! That's
| the thing that actually provides all the security.
|
| The point of the guard is that a human has absolutely no
| trouble determining whether they're taking a reading of a
| real hand, scanning a real eyeball, to taking a real blood
| sample. Maybe in mission impossible movies but you're
| really really overstating the resources required to make a
| convincing hand to someone specifically looking for fakes.
| Yes social engineering is a problem which is why an
| autonomous system with the detection quality of a human
| would be nigh unbeatable.
| alasdair_ wrote:
| >Not at all perfect. Can that human guard really see if
| you're wearing a fake fingerprint? I doubt it, unless he's
| closely examining everyone's fingerprints first. And even
| then...
|
| The procedure at the USCIS to get my green card was
| remarkably thorough. The guard manually and visually
| checked each of my fingertips carefully to ensure I had no
| fake print overlayed on top of my real print and I had to
| keep my hands within a small area with a camera on it for
| the entire process or they would restart everything.
| hannofcart wrote:
| Furthermore, that guard can be incapacitated, or easier
| still, bribed.
| runnerup wrote:
| > Perfect: A human guard manually taking a fingerprint
| reading. Can't be beat because the guard can obviously see
| that it's not really your hand.
|
| Well, the argument some people are making is that this might
| be no better than a human checking your ID. Yes, there the
| guard can verify that there is some real human there, but
| both the ID and the fingerprint could be faked (e.g. a fake
| fingertip mold which matches the victim's "known"
| fingerprint).
| Spivak wrote:
| We're talking about a guard who physically takes your hand,
| inspects it, and puts your finger in ink, and then compares
| that to the prints they have on file. This is exactly the
| protocol that's used by the police and military when taking
| prints.
| fragmede wrote:
| So wear fingerless gloves and social engineer a little
| bit (it's cold, it's winter, I have bad circulation,
| etc). If you think having a human guard makes a system
| infallible, I have some bad news for you.
| Spivak wrote:
| Oh lord, this is firmly off that point. An alert
| motivated human looking for fakes can identify them with
| nigh perfect accuracy. This means that it should be
| possible to build an autonomous system that can do the
| same which is the goal of biometric auth systems. There
| is nothing that fundamentally breaks biometric auth until
| you can burn fingerprints on someone or replace eyes or
| gene therapy new DNA or whatever. And even then that's
| pretty damn strong.
| imwillofficial wrote:
| Exactly, every keeps going on about magic social
| engineering attacks without providing details.
|
| Anyone who has had their fingerprints taken by the FBI
| knows that there is a solid procedure that will detect
| fakes. The idea is to replicate this near perfection, not
| bolt on some revocation system for fingerprints (ouch!)
| [deleted]
| newsbinator wrote:
| > Spiegel also reported another security hole from the
| conference: reading a user's PIN code from reflections in their
| pupils while taking selfies.
|
| https://www.dw.com/en/german-defense-minister-von-der-leyens...
| Cd00d wrote:
| I don't understand this one - when are people taking a selfie
| at the same time they're typing in their pin? I have an
| android phone, and I don't even unlock to take pictures.
|
| I just don't follow the timeline and geometry. Seems
| theoretical only maybe.
| nkrisc wrote:
| I assume the intent is to capture it while surveilling
| someone while they enter their PIN, not necessarily from
| images harvested from social media or anything. Since many
| PIN entries show at most the most recently entered number,
| you'd need multiple images to capture the PIN. But if you
| can capture it from reflections in their eyes, then you can
| surveil them from a greater distance and more stealthily if
| you've got a good camera.
| voakbasda wrote:
| Take a selfie with someone unlocking their phone positioned
| over your shoulder. Seems very practical and surreptitious.
| LocalH wrote:
| Reflections of the fingerprint marks on the screen that are
| usually present for those who don't regularly wipe their
| screen off?
| ARandomerDude wrote:
| It's badly worded in the article but I think it means
| person A is entering his pin. Persons B, C, D, etc. take
| selfies in the vicinity of person A. By comparing multiple
| selfies from sightly different times, you can determine
| person A's pin.
| throw0101a wrote:
| > _The core problems with biometrics are that:_
|
| ... is that they're treated as passwords instead of usernames.
| The three problems you list all have the _biometric=password_
| assumption in them.
|
| See also using the American SSN usage: it's treated like a
| (secret) token, and so when it leaks it can be used to access
| sensitive information. Using it as 'just' a username would
| probably reduce a lot of problems as well.
| strbean wrote:
| > American SSN usage
|
| Nothing like a secret token that can be reliably guessed
| using only your birth month+year and place of birth!
| booi wrote:
| wait it's based on birth month/year/place? is there an
| algorithm to generate it or something?
| lelandbatey wrote:
| There's not quite an "algorithm"; SSN's are so short
| (it's just a 9-digit number, so max 1 billion unique
| SSNs) that they have a very simple procedure for
| assigning them. The Social Security Administration
| explains it here:
| https://www.ssa.gov/history/ssn/geocard.html
|
| - The first set of three digits is called the _Area
| Number_
|
| - The second set of two digits is called the _Group
| Number_
|
| - The final set of four digits is the _Serial Number_
|
| Certain geographic areas get certain "Areas Numbers",
| then Group Numbers are assigned consecutively, then
| Serial Numbers are assigned consecutively. This entire
| system of consecutive assignment makes it trivial to
| guess pretty well, or even exactly, what someone's SSN
| is.
| tmm wrote:
| Not since June 25, 2011 when they started randomizing
| assignment[1]. They still don't use 666 as an area
| number, though.
|
| [1] https://www.ssa.gov/employer/randomization.html
| abustamam wrote:
| This is a good change, but since it's not retroactive
| anyone born before that date (which is 100% of adults and
| probably roughly 50% of minors, who are likely not good
| targets for identity theft) are still at risk.
| registeredcorn wrote:
| I have mixed emotions about this.
|
| From a security professional perspective, this is at
| least _somewhat_ of an improvement, even if the entire
| thing feels like it 's held together with a wish and a
| prayer. I would really like if there were a means to just
| institute an entirely new system. Essentially having
| one's entire life ruined, on the chance a bad actor can
| guess a four digit number is...not great.
|
| From a genealogist perspective though, this is horrible
| news. Being able to trackdown people based off of rough
| geographic assumptions can help narrow down if someone is
| "lucky" enough to have a common name in a specific
| region. Of course, this change to SSN isn't _nearly_ as
| disastrous as the death of paper - _especially_
| newspapers - but I really do not envy anyone who is going
| to try and do historical family research in two to three
| hundred years. It makes me cringe just to think about how
| much valuable information, how many life changing
| moments, are going to be lost to encryption, bit rot, and
| the constantly changing standards of software and
| hardware.
| [deleted]
| int0x2e wrote:
| Exactly. This is a point everyone seems to gloss over but is
| fundamental to the entire concept of using biometrics.
| arisAlexis wrote:
| Me and my team have developed a solution for the 3 problems
| mentioned. Anyone interested to discuss further find my email
| on my profile.
| PinguTS wrote:
| And they distributed it with the Datenschleuder. Cannot
| remember the issue, but I have it still somewhere at home.
|
| It is like a highly distributed backup of that fingerprint.
| landemva wrote:
| State driver license in USA is a honey pot of thumb/finger
| scans. Anyone on HN think the NSA doesn't have access? NSA
| info sharing with trusted foreign countries makes a reliable
| distributed backup for use by foreign spooks.
| nanidin wrote:
| > State driver license in USA
|
| In which states? The only thing I have been fingerprinted
| for is in the US is The Global Entry program.
| reaperducer wrote:
| More and more states require fingerprints for driver
| licenses because of the RealID program. Eventually
| (soonish) you won't be able to use your driver license to
| fly without it being RealID compliant.
|
| One state I lived in gave me the option of not having a
| RealID-compliant license if I wanted to. Another didn't,
| so fingerprints were compulsory.
| nanidin wrote:
| As far as I can tell, Real ID does not require
| fingerprints, only digital color images of the face[0].
|
| [0] https://www.biometricupdate.com/202101/real-id-law-
| quietly-p...
| fragmede wrote:
| heads up that the RealID deadline got pushed back to May
| 3, 2023
| dylan604 wrote:
| I've only had a state issued driver's license in CA and
| TX, and both require thumb prints. But I'm sure if you
| were truly interested, you could search the web for that
| information fairly quickly, actually probably faster than
| it took to post the question to HN:
|
| https://duckduckgo.com/?q=which+states+require+thumb+prin
| t+f...
| nanidin wrote:
| My intent wasn't to find out which states require prints,
| it was to drive conversation in order to refute the claim
| that state driver licenses are honeypots for
| fingerprints.
|
| Fingerprints are not required as a part of Real ID
| implementation. Real ID seems like it would be the main
| driver for feature parity between licenses of different
| states. If fingerprints aren't required by Real ID, then
| it seems like it would be incorrect to assume that all
| states require fingerprints - and thus also incorrect to
| assume that driver licenses in the USA are used as
| honeypots for fingerprints.
|
| Perhaps landemva should have specified which states are
| using driver licenses as honeypots for collecting
| fingerprints?
| JohnFen wrote:
| Particularly since it's only being done in four states.
| That explains why I'd never heard of the practice.
| landemva wrote:
| It appears JohnFen partially geolocated me!
|
| A few years ago I had top tier frequent flier status, and
| the airline kept offering to pay the Global Entry fee for
| me. Sit for a lame interview and provide a bunch of info
| to power-starved snooping Karens? No thanks.
| twobitshifter wrote:
| State law enforcement fingerprinted me as a child around
| 11 years old.
| fragmede wrote:
| If your argument is that the NSA doesn't have your
| fingerprint because only the Global Entry Program has
| your fingerprint, I find that highly suspect. Of all the
| databases to be shared with the CIA and the NSA, Global
| Entry seems entirely reasonable that they be given
| access. Unlike state's driver license database where it's
| objectionable that the NSA be allowed to access it,
| Global Entry has to do with people coming in and out of
| the country and so seems entirely reasonable the NSA
| would have access, never mind the fine print no one reads
| when signing up for the program. I wouldn't be surprised
| if any of the three programs (Global Entry, TSA Pre,
| Clear) have it in their fine print that the CIA is
| legally given access to that database.
| nanidin wrote:
| My response did not intend to address the NSA, it was
| intended to address the "state driver license in USA is a
| honey pot" since in my experience states do not collect
| fingerprints for driver licenses. Based on some cursory
| research there are only a small handful of states that
| require fingerprints, and fingerprints are not required
| for implementation of Real ID.
| [deleted]
| jiveturkey wrote:
| those aren't a problem when the biometric is used correctly. eg
| not as single factor authentication
| runarberg wrote:
| I really like it in Demolition Man, how they thought of a
| future which used biometrics for secure access (in that case
| retina scan). But they also saw how easy it was to bypass it
| when Simon (Wesley Snipes) simply takes the eye of the warden
| to escape his prison.
|
| I don't think this was intentional but they managed to
| demonstrate (or at least for-shadow) the incompetent police
| force of the future this way.
| vletal wrote:
| The title almost sounds like that they have a meaningful
| fingerprint ready to open her iPhone... Was that the case? Or
| do they have a somewhat accurate partial fingerprint? I failed
| to find recoding of the presentation.
| DangerousPie wrote:
| AFAIK iOS actually uses the pattern of veins below the
| fingertip rather than an image of the fingerprint itself. So
| I can't imagine this would be enough to unlock an iPhone.
| joecool1029 wrote:
| You're sort of not wrong, touchid uses a capacitive sensor
| vs. a visual/camera sensor which has become more common in
| other devices. What this means is _in theory_ you 're
| measuring the electrical behavior of the outer layers of
| skin, and Apple claims goes as far as measuring subdermis.
| (This is also is why their touchid scanners don't work on
| wet fingers as the behavior is thrown off).
|
| However, they are showing their attack working on a Macbook
| Pro with touchid, which uses this sort of reader. So it's
| easier to fake in practice than it is in theory. Whatever
| material you lift the print off of should have to mimic the
| capacitive behavior of the finger and this looks like it
| busts Apple's claim that it can read the lower layers (or
| it tells us their default sensitivity is set too low for
| convenience)
| yeetaccount2 wrote:
| I'm waiting on a court case with a fingerprint as key evidence
| for conviction, in which the defendant brings this up. Might
| not pass reasonable doubt muster, but what if somebody sold
| fingerprint forgery kits online that made it push-button
| simple? Just supply an image or two, run it through some ML to
| reconstruct the print, laser etch a latex glove or similar...
|
| I wonder if you could use CRISPR or "lab-grown meat" techniques
| to do the same with DNA evidence...might be something that
| would get you a contract with the CIA/NSA.
| madeofpalk wrote:
| Fingerprint recognition has been mainstream in consumer
| tech/iPhones for 8 years. Surely it would have already
| happened?
| rawsta wrote:
| Sure. No one has ever faked a fingerprint to access phone
| of the partner or used a printout to trick facial
| recognition to see the latest mails. Today even little Kids
| fake fingerprints of their parents to buy some
| microtransactions.
| [deleted]
| ipspam wrote:
| Could work for a digital intrusion, but for crime scenes
| there is dna
| AnthonyMouse wrote:
| DNA evidence is overrated. People leave their DNA
| everywhere, so it's not that hard to get some and then
| plant it somewhere else.
|
| The tests also have varying accuracy rates, but people
| misunderstand what it means. If the test is 99.99%
| accurate, that doesn't mean that there is a 99.99% chance
| that the defendant is the perpetrator. It means that in a
| region with ten million people, you've whittled your
| suspect list down to a thousand people. If you pick one of
| them at random there is only a tenth of a percent chance it
| was them.
|
| This especially problematic when dealing with "DNA
| databases" because then with a large database you have a
| high probability of finding a false positive match and the
| true perpetrator might not even be in the database.
| ampdepolymerase wrote:
| Why in the world would you need CRISPR or lab grown meat?
| Just sequence the DNA and send it off to a DNA assembly
| service. The price is a couple hundred bucks a pop. You don't
| have to replicate the entire DNA, just the segments used for
| forensic PCR.
|
| (On a side note, the state of biotechnology and life science
| knowledge on HN is utterly deplorable, repeating buzz words
| does not reality make.)
| 14 wrote:
| You make fun of people's knowledge but at the same time
| suggest sending DNA to a lab to have it replicated. That
| would be not very smart since op was discussing how someone
| might get away with a crime and you suggest just contacting
| a professional service and probably just use a credit cart.
| Not smart at all. So we may not be biotechnology savvy but
| we have other areas of knowledge you obviously lack.
| aezell wrote:
| hahaha - Friend, this is a news website not a scientific
| forum. Relax.
| mdp2021 wrote:
| And what is involved in the DNA sequencing? And the DNA
| assembly service will probably take record of the operation
| itself (it is not a common service).
|
| In the context...
| upofadown wrote:
| Most of the evidence that shows up at a court case is
| forgeable. Simply showing that a particular piece of evidence
| _could_ be forged in no way proves that it _is_ forged. You
| would need some sort of argument to prove your contention.
| hasmanean wrote:
| All evidence is ultimately forgeable. At some point a
| modern day Godel could prove that "justice" in a free
| society is mathematically impossible.
|
| The law has to operate within a practical compromise and
| err heavily on the side of reducing false convictions.
| omgwtfbyobbq wrote:
| Or err heavily on reducing the release of the guilty,
| depending on the region.
| angst_ridden wrote:
| Sadly, "forensic science" is often not science at all. Much
| of it is barely an improvement on the techniques from the
| Victorian era. Altogether too much of it is an expert
| saying "these two samples look like a match" without a
| quantifiable metric. DNA evidence has made enormous leaps
| in the right direction, but even that requires a good chain
| of custody, good lab practices, and honest actors
| throughout the process.
| landemva wrote:
| 'what if somebody ...' made SaaS service to upload pictures
| and overnight ship the fingertip.
| yeetaccount2 wrote:
| Sounds like they'd get lots of subpoenas.
| qw wrote:
| It would probably cause a huge media storm. Then the
| politicians would "fix it" by replacing it with face
| recognition... (suddenly Face/Off is no longer science
| fiction)
| dylan604 wrote:
| As long as you can weather the storm, a storm is not the
| death of shady businesses. The shady facial recognition
| software that scraped social media for images got some
| bad press, and then just stayed calm and carried on.
|
| For all of those outraged by the media storm, it is free
| advertising to those actually interested in the service.
| All of the pearl clutchers feigning shock and outrage
| over shady service mean nothing to the company providing
| the service, as these were never going to be their
| customers in the first place.
| reaperducer wrote:
| _suddenly Face /Off is no longer science fiction_
|
| Didn't a woman in France already have a face transplant?
| brezelgoring wrote:
| I don't think it was the type of transplant Face/Off was
| depicting, hers was very natural-looking but also visibly
| not a normal face.
|
| I'd like to see Mission: Impossible type transplants, or
| even masks like the ones they use, for that matter.
| wongarsu wrote:
| The CIA's former Chief of Disguise says they very much
| exist and are used, with some limitations [1]. Her
| comment on the 3d printer making the mask: "What if I
| said we had it".
|
| Of course that's not really surprising when you look at
| the kind of Halloween masks you can get if you are
| willing to pay [2]. I imagine if you could special order
| them to perfectly fit your head they would be very
| convincing to the casual observer and to software.
|
| 1: https://youtu.be/mUqeBMP8nEg?t=673
|
| 2: https://www.youtube.com/watch?v=Y32hdPV0L3k
| jcims wrote:
| Would make for a good Black Mirror episode.
| aqme28 wrote:
| From the linked article, it sounds like that already exists
| in some form.
|
| > Using several close-range photos in order to capture every
| angle, Krissler used a commercially available software called
| VeriFinger to create an image of the minister's fingerprint.
| emodendroket wrote:
| Considering the extremely dubious evidence that makes its way
| into courts, such as bite mark analysis, I doubt you'd get
| that much traction arguing about these scenarios with
| fingerprints.
| passivate wrote:
| I'm sure the military has better than average tech when it
| comes to security, but I wonder if they're agile enough to
| embrace the rapid technological change that is necessary to
| stay on the bleeding edge. These days when I hear military +
| security in the same sentence I think of aging warships running
| running windows 2000, using oddball niche technology supplied
| by equally oddball government contractors/vendors.
| jrootabega wrote:
| And, in some cases, not considered protected by law, which
| overlaps well with #2 and #3.
| eden_hazard wrote:
| How the heck did they get the fingerprint from that? Is there
| actually tech to enhance blurry images like that?
| endymi0n wrote:
| iirc they had a waiter as a conspirator serving that guy at a
| banquet
| sm4rk0 wrote:
| There were (at least) two such "stunts" in the past
| involving German ministers:
|
| In 2008. "fingerprint of then interior minister and current
| Finance Minister Wolfgang Schauble" was sourced from a
| glass:
|
| https://freerepublic.com/focus/f-news/1995935/posts
|
| In 2014. "A speaker at the yearly conference of the Chaos
| Computer Club has shown how fingerprints can be faked using
| only a few photographs. To demonstrate, he copied the
| thumbprint of the German defense minister" Ursula von der
| Leyen
|
| https://m.dw.com/en/german-defense-minister-von-der-
| leyens-f...
| syntheticcorp wrote:
| They used several close range photos, not the one in the
| article.
| cinntaile wrote:
| It says several images were used. You can't generate a
| correct fingerprint from that blurry fingerprint picture. The
| data has to exist in order to reproduce it.
| ozim wrote:
| Pin/password can also be hacked and there is no need for fancy
| 3D printer.
|
| Someone can use their smartphone to film other person as they
| type stuff in, no need for printing fake print. They can steal
| phone/laptop as soon as they are done filming.
|
| This is the case that fingerprint sensors are preventing.
|
| Pointing out problems is useless - as people don't have
| alternative that would be "all-mighty secure without flaws".
|
| It should be defense in depth not - and that is already there
| for example banking apps - you need fingerprint to unlock the
| phone and banking app requires its own specific PIN. Getting
| those 2 things makes it much harder for bad guys to do
| something like money transfer. Yeah they might get your photos
| and other stuff - but probably there are secure store apps that
| would encrypt your photos if you have ones that you really want
| to protect.
| rhn_mk1 wrote:
| > This is the case that fingerprint sensors are preventing.
|
| They aren't. Your parent post already mentioned that they
| were extracted by filming.
|
| Passwords don't have the other 2 problems, and I'm not really
| sure what is gained by not talking about them.
| ozim wrote:
| For fingerprint it is "using several close-range photos in
| order to capture every angle" - to get PIN, I need one
| angle and probably not even close-range of video and even
| weird angle if I have to sneak up onto someone in a metro
| or in a coffee shop.
| UncleEntity wrote:
| well, TFA used _one_ photo...
| ozim wrote:
| How convenient for them that they:
|
| 1) did not write what are needed parameters of the photo
| or quality of left fingerprint
|
| 2) it does not look like they used photo from an angle of
| the screen as in article but some other closeup
|
| 3) somehow unlock stuff with thumb where most people use
| index finger
|
| 4) then they use index finger to operate "thumb" print
|
| 5) who touches screen like that with thumb, who touches
| back of the phone like that
|
| In the end with PIN I can look over someones shoulder and
| not even have to make a video.
|
| I agree with the premise of what they say that people
| might think fingerprint is "super secure" while it is
| not...
|
| But it is secure enough for most of the people and more
| secure that typing in PIN or short password or for people
| using 0000 or 1234 as PIN.
| Normal_gaussian wrote:
| The fancy 3D printer in this case is a regular toner printer
| and some garden variety wood glue.
| trie wrote:
| > 1) Not revokable (unlike compromised credentials)
|
| Isn't that what _Cancelable Biometrics_ e.g. [0] is about [0]
| https://ieeexplore.ieee.org/document/7192838
| sm4rk0 wrote:
| The video from the conference, in German:
|
| https://media.ccc.de/v/31c3_-_6450_-_de_-_saal_1_-_201412272...
| EGreg wrote:
| That's why this is a dumb idea, merchants can just use the
| replay attack: https://www.wsj.com/articles/in-china-paying-
| with-your-face-....
|
| The only place where you should be using your biometrics is to
| unlock devices you carry with you, like the iPhone.
| js4ever wrote:
| Even for that it's not safe if anyone can bypass it with a $5
| trick. It's definitely a thumb idea
| [deleted]
| DennisP wrote:
| > definitely a thumb idea
|
| Four hours have gone by without comment on this and I feel
| the offense should be recognized.
| imwillofficial wrote:
| I thought it was intentional, won't lie, I laughed.
| y4mi wrote:
| You can unlock most home doors within seconds even without
| having the key
|
| Nonetheless, we still lock our doors and thieves often
| break in, even though picking the lock is both safer and
| less likely to arouse suspicion.
|
| Your argument makes sense, but we humans aren't really
| rational
| Aengeuad wrote:
| There's a good reason why criminals don't carry lockpicks
| around and that's because they're regulated, in much of
| the world mere possession of them outside of your
| residence is a criminal offence and even in places where
| you can carry them legally they not only show prior
| intent, their use in criminal activities carries a charge
| just like breaking and entering. I'd also argue that
| being stuck picking a stubborn lock for 2-3 minutes is
| significantly more suspicion arousing than the literal
| seconds it takes to break a window but that's neither
| here nor there.
|
| On the rationality of having locks when criminals can
| very easily break a window, the old saying that locks
| keep honest people out rings true. Locks do serve a
| purpose even if they do very little to slow criminals
| down. To bring the analogy full circle fingerprint
| readers always seemed like windows to me in how easy they
| are to bypass, luckily they're more of a luxury than a
| necessity. :-)
| lstodd wrote:
| Lockpicks for the common locks can be made on site in
| under 5 minutes and then after about half-minute the lock
| is broken, and picks are discarded.
|
| That is why they aren't carried around any more.
|
| And that is not taking into account that most locks can
| be defeated without lockpicks, a steel ruler will do.
|
| It's just sad when people that don't know a bit about the
| trade boast about "regulations" and how they are
| relevant. They are not.
| fragmede wrote:
| Breaking into my house doesn't get you my password for
| all of my accounts though, no matter how much of an
| invasion of my space it is.
| dangerface wrote:
| until you fall asleep with your phone on you.
| bitxbitxbitcoin wrote:
| I would argue that the devices you carry with you are exactly
| the ones you shouldn't use biometrics for.
|
| Law enforcement can force you to use biometrics to unlock a
| phone. They have used dead bodies to unlock phones.[0] What
| they can't do is make you remember a code/password which you
| have "forgotten."
|
| [0] https://www.forbes.com/sites/thomasbrewster/2018/03/22/ye
| s-c...
| FridayoLeary wrote:
| The vast majority people will never encounter a
| circumstance where that will be an issue. To withhold a (n
| optional) feature from the masses based on the hypothetical
| actions of an agency who can abuse your fingerprints but
| will stop short of torture doesn't really make sense.
| reaperducer wrote:
| HN, and the tech bubble at large, is all about "edge-
| cases." Too many Debbie Downers getting off on playing
| "what if" scenarios, while ignoring reality.
| eatbitseveryday wrote:
| > Unfortunately for the FBI, Artan's lifeless fingerprint
| didn't unlock the device (an iPhone 5 model, though Moledor
| couldn't recall which. Touch ID was introduced in the
| iPhone 5S). In the hours between his death and the attempt
| to unlock, when the feds had to go through legal processes
| regarding access to the smartphone, the iPhone had gone to
| sleep and when reopened required a passcode, Moledor said.
|
| From your https://www.forbes.com/sites/thomasbrewster/2018/
| 03/22/yes-c...
| fragmede wrote:
| Except the FBI probably won't make that mistake again.
| They'll wake up a judge and expedite the process, citing
| this exact case as to why they need to be granted the
| subpoena. from there it's not that hard to make a jig
| that constantly does some sort of action so the phone
| never goes to sleep.
| criddell wrote:
| > What they can't do is make you remember a code/password
| which you have "forgotten."
|
| They might be able to with an FMRI machine.
| twobitshifter wrote:
| In the US at least FMRI should fall under fifth
| amendment, right? Otherwise the fifth amendment would be
| useless. A right to remain silent wouldn't exist if you
| can't silence your brain. If one day there are stargate
| replicators that can reach into your mind, would that be
| legal?
| criddell wrote:
| In court, absolutely.
|
| There are still plenty of places where polygraph
| examinations are used legally.
| smeyer wrote:
| Maybe at some point in the future, but we definitely
| aren't at the stage of being able to parse out a specific
| password from an FMRI reading right now.
| criddell wrote:
| No, but combined with torture it might be effective
| enough.
| russh wrote:
| They can just '538 it. https://xkcd.com/538/
| GTP wrote:
| No, I think that adding torture to the mix will make the
| FMRI results even less readable
| criddell wrote:
| What I was thinking was using FMRI to find out if they
| actually do remember the password (FMRI lie detection
| really only works with yes/no questions, AFAIK). If they
| don't know, then torture is a waste of time. If they do
| know, then you know torture _may_ be fruitful.
| rawsta wrote:
| FMRI uses indicators like pulse, heartrate, etc. to make
| a more or less estimate on the truthfulness. Torture can
| make these indicators useless. Torture is a very flawed
| method to extract informations. You can't be sure that
| the victim isn't telling lies or admits to crimes just to
| make the torture stop.
| dylan604 wrote:
| For some, being placed in the MRI would be torture. Hope
| you don't have a plate in your head or other bodily
| location. Would torturers be so concerned with this, or
| is that just part of the threat.
|
| TLA person: Give us the code or we put you the MRI
| machine!!
|
| Victim: Can't you just use a $5 wrench instead?
| kwhitefoot wrote:
| > What they can't do is make you remember a code/password
| which you have "forgotten."
|
| But they can lock you up for not supplying it.
| trident5000 wrote:
| 24 hour fitness wanted my fingerprints to check into their gym. I
| had to explain to multiple employees why that was never going to
| happen.
| afrcnc wrote:
| Known since 2007:
| https://twitter.com/Makdaam/status/1462800634197987329
| Sohcahtoa82 wrote:
| Is anyone surprised by this?
|
| I've been telling my friends for a couple years now that
| unlocking via fingerprint is a _convenience_ feature, not a
| security feature.
| [deleted]
| legrande wrote:
| Anyone else see this technique a few times in heist movies? I
| always knew it could be done, but having a blogpost detailing how
| to do this is is pretty cool.
| elias94 wrote:
| Have you ever seen the Charlie's Angels movies? They where taking
| the fingerprints using a beer bottle.
|
| Same method but 21 years ago.
| voidmain wrote:
| Biometrics are not secrets (it must be assumed that attackers
| always possess all biometric data), but they can nevertheless be
| a good form of authentication _when combined with situational
| awareness_. If you try to use one of these hot glued fingerprints
| in front of a security guard, it isn 't going to go well for you.
|
| At the moment, humans are still necessary for situational
| awareness, but probably machines can get there pretty soon. A
| phone, for example, that monitors its surroundings continuously
| and has enough intelligence to reliably distinguish normal access
| by its owner from duress or the presentation of fake biometrics
| seems like it's within reach of current technology (though it
| doesn't actually exist).
| capitainenemo wrote:
| You think the typical security guard would notice a print if it
| was glued on the finger? At workplaces I've worked at in the
| past they weren't watching the flow of traffic through the gate
| all that carefully...
| joenathanone wrote:
| Additionally a little social engineering would get right past
| an attentive guard, just strike up a little small talk to
| distract their attention.
| acdha wrote:
| I think this depends on how well they do liveness tests: it's
| expensive to have guards checking everyone's hands (but
| certainly not prohibitively so if you have that level of
| threat) but it'd be a lot cheaper if your sensors are fairly
| good at raising an alarm to attract scrutiny.
| jbaczuk wrote:
| I bet you could make one that looks like part of your skin
| pretty easily.
| theandrewbailey wrote:
| Don't forget to change your fingerprints, face, and mother's
| maiden name regularly.
| rStar wrote:
| apple: use your fingerprint ... gov: fingerprints are fungible
| ... apple: use your eyeball then!
| sparkling wrote:
| This should not be news to anyone. Chaos Computer Club
| demonstrated almost the same technique in this 2006 video
| https://www.youtube.com/watch?v=OPtzRQNHzl0
| say_it_as_it_is wrote:
| MacGyver did it in the 80s
| rvz wrote:
| Yeah, this isn't new. It's just cheaper.
| hannob wrote:
| Exactly, just wanted to link this as well.
|
| There's of course nothing wrong with pointing out already known
| security flaws, but it's good practice to mention when this is
| a well known thing and reference prior work - which the post by
| kraken does not do.
| zeven7 wrote:
| Is modern facial recognition any better or is it also considered
| bad to use for anything sensitive?
| rei_ayanami wrote:
| That would also be username like one other user mentioned. Not
| passwords.
| zeven7 wrote:
| I know that's something people say, but that doesn't actually
| give me the information I need to be informed about _how_
| secure or insecure it is and how hard it is to bypass.
| m3kw9 wrote:
| Biometrics is almost like security thru obscurity.
| fortuna86 wrote:
| I'd say it's a slight step up.
| dxf wrote:
| The huge advantage of biometrics (fingerprints, FaceID, etc.) is
| the ease with which a user can unlock their phone. A passcode may
| be better than a fingerprint, but a fingerprint+longer passcode
| is better than a shorter passcode (or no passcode at all).
|
| Having a 12 character alphanumeric passphrase you enter each time
| you want to unlock is not something most users want to do.
|
| See e.g.:
| https://www.businesstoday.in/technology/news/story/what-kick...
|
| _Only about 49 per cent of the users were setting a passcode,
| which meant that the remaining 51 per cent were not benefiting
| from the data protection mechanism. When Apple dug in to
| understand the reason, the findings revealed that users unlock
| their devices a lot - on an average about 80 times a day. And
| about half of its users simply didn 't want the inconvenience of
| having to enter their passcode into their device, at times. At
| that time, in 2012-2013, the default passcode length for iPhone
| was four digits, which happens to be six today.
|
| Apple realised that it needed to come up with a mechanism that's
| fast and secure, and doesn't involve typing in the passcode.
| That's when Apple introduced Touch ID, which was easy, fast and
| secure. The way that biometric authentication worked on Apple
| platforms was that the user must set a passcode to be able to use
| the biometrics. And just as Apple thought, there was a much
| higher adoption of biometric-based TouchID. Apple says over 92
| per cent chose to use Touch ID and had therefore set the
| passcode, which in turn meant users were able to use Apple's data
| protection encryption system._
| mdp2021 wrote:
| > _The huge advantage of biometrics ... is the ease with which
| a user can unlock their phone_
|
| This does not prevent involuntary unlocking - it actually can
| allow for eased against-will unlocking.
|
| <<Ease>> and security may sometimes not be friends.
| breser wrote:
| At least on iPhones though they have a way to activate a mode
| that prevents the use of TouchID and FaceID. If I press the
| power button on my phone 5 times in a row that turns that
| off.
|
| Yes I still run the risk of my device being unlocked against
| my will if I'm caught by surprise. But I'm able to disable
| this functionality in places where I think the risk of that
| may be higher, e.g. while traveling.
|
| I'll still take the trade off of longer password (not just a
| few numbers) on my phone while using a biometric test for
| normal access.
|
| Of course not everyone may have the same threats to consider
| and others may make different choices. Doesn't make either of
| our choices wrong.
| kurthr wrote:
| On modern FaceID phones you need to hold the power and down
| volume key to bring up the Reset/PowerOff and cancel. Just
| clicking multiple times will bring up wallet, siri, or do
| nothing.
| jeroenhd wrote:
| Biometrics are great for authentication but terrible for
| authorization. Anything sensitive should require both. There's
| nothing wrong with a fingerprint and a password or a fingerprint
| and an RFID card as an authorization/authentication pair; you
| just have to keep these things in mind.
|
| I've fallen to the laziness of using fingerprints on my devices
| as well, but they still require a password to decrypt the
| contents of the storage device on boot. For many, if not most,
| threat models, this is perfectly fine.
|
| I lock my phone to prevent people with messing with my contacts
| and scrolling through my messages. It's an inconvenience to
| bypass that requires preparation. A motivated attacker would just
| as easily spy over my shoulder if I were to use a password,
| either on my phone or on my laptop.
|
| I look at these mechanisms like the lock on a teenager's bedroom
| door. Those things aren't impenetrable and anyone with just a
| little lockpicking experience or access to some automated tools
| can open them in a minute. Unlike the locks on our front doors,
| built to keep intruders that don't want to risk physical damage
| to our windows out, they're a message: please don't violate my
| privacy. Violating that privacy is made moderately difficult by
| the mechanism itself, but it's hardly impossible.
|
| Unless you carry a password-protected authentication and key
| management token with you at all times, you're at risk of having
| your system broken into. Most of us don't need to worry about
| those kinds of things.
| legulere wrote:
| "Authentication is the act of proving an assertion, such as the
| identity of a computer system user. In contrast with
| identification, the act of indicating a person or thing's
| identity, authentication is the process of verifying that
| identity." (https://en.wikipedia.org/wiki/Authentication)
|
| So it's not useful for authentication but could be used for
| identification.
| krisrm wrote:
| This doesn't make sense to me. In what use-cases do we use our
| personal computers authenticated but also unauthorized?
| hartator wrote:
| > Biometrics are great for authentication but terrible for
| authorization
|
| What does that mean? Unlocking your MacBook gives access to
| your RSA keys and all is lost.
| blakesley wrote:
| As the other commenter pointed out, he probably meant "great
| for identification but terrible for authentication".
| mfollert wrote:
| How do you protect your private keys? I already have an
| yubikey but it still feels not great.
| webel0 wrote:
| [edit for clarity]
|
| As someone who doesn't specialize in security, one claim that has
| stood out to me for not using fingerprints is that you can't run
| bcrypt (or some other salting algorithm) on fingerprints [1].
|
| I don't see any discussion of that here thus far. Is that still
| the case? I feel like I would have heard about developments in
| this area if something had changed. But perhaps I've always
| misunderstood the criticism?
|
| [1] https://www.rsaweb.co.za/fingerprint-security-
| fingerprints-a...
| cool_scatter wrote:
| Fingerprints are stored as data, and data is hashable. As
| someone who doesn't know the ins and outs of fingerprint
| readers, that sounds ludicrous. I also don't see why it would
| need to be hashed, however.
| webel0 wrote:
| Thanks for your comment. I have updated my comment to try to
| be more precise.
| tantalor wrote:
| Says who?
| webel0 wrote:
| Thanks for your comment. I have updated mine to include a
| reference. In short, I'm thinking about how fingerprints are
| stored.
| louissan wrote:
| James, is that you?
|
| https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2F...
| emodendroket wrote:
| Yes. But at a certain point one has to consider how much security
| is "enough." Someone could break into my house, even when locked,
| by kicking in the door or breaking a window, but I don't
| necessarily need to turn it into Fort Knox in response. If you
| are a high-value target, it is worth thinking about this, but for
| the average person, I think it might be a reasonable trade-off.
| gannon- wrote:
| Could a similar concept apply to face-id passwords? What's
| stopping face-ID spoofing?
| immmmmm wrote:
| in biometrics this is called a Presentation Attack (PA), here the
| fake fingerprint is the analog of presenting a photograph, video
| or 3dp mask to a face recognition system. this is usually
| mitigated by the use of Presentation Attack Detection (PAD)
| systems, either hardware, software or hybrid. in this particular
| case it can easily be mitigated by some hardware that measures
| the amount of water in the biometric sample, for instance
| capacitive sensor, transparent conductive electrodes or maybe
| even better some optical sensor that is sensitive to SWIR
| wavelengths reflectivity differences (1000 and 1200 nm would be
| great here). a short scholar search will indeed reveal that this
| is a very active area of research, and probably will reveal tens
| of papers from our group which is a leader in this.
| kspacewalk2 wrote:
| For devices like phones and laptops, this sounds too
| complicated. Why not instead just use passwords, patterns, etc?
| I doubt anyone who's genuinely sensitive about their device
| being secure uses biometrics to unlock it anyway, so this seems
| to be just a convenience feature for the casual user with
| minimal security concerns. As such, making it more complicated
| doesn't seem worth it.
|
| And if we're talking about authenticating people in truly
| secure environments, my gut tells me that adding a couple more
| factors to even a simple fingerprint reader ought to be more
| secure and robust than making a super-complicated fingerprint
| reader and leaving it as the only factor.
| newsbinator wrote:
| Would this be foiled by a latex glove printed with that
| fingerprint and worn to scan in?
| immmmmm wrote:
| the capacitive one yes probably, the two other i doubt it.
| sure you can always use a conductive coating as well as a
| material that mimic optical propreties of skin. the question
| is not IF a system will be spoofed, the question is WHEN.
| [deleted]
| twobitshifter wrote:
| It's relatively easy to produce "phantom" that mimics
| tissue/skin from household ingredients. This is used in medical
| labs.
|
| https://deepblue.lib.umich.edu/bitstream/handle/2027.42/3819...
| the_arun wrote:
| Using same idea, could't AI generate FaceId from videos?
| lordnacho wrote:
| Sounds likely. When you train FaceID you are filmed. What's to
| stop someone from using film of you giving a speech?
|
| At best the biometric locks are like locks on your house. Stops
| most people but not someone really determined.
| cool_scatter wrote:
| It uses an IR camera as a proximity sensor. A video isn't
| good enough. You would need AI to construct an accurate 3D
| model of the face based on it.
| lordnacho wrote:
| Yes that's what I meant, someone could construct the
| necessary biometrics from a video and some ML.
| acdha wrote:
| FaceID is more complicated: it uses an infrared camera and
| projects an array of dots on your face so the problem wouldn't
| just be generating a realistic video of a face but more along
| the lines of constructing a mask which would have similar 3D
| structure including how it reflects infrared light.
| SEJeff wrote:
| Fingerprints are usernames, not passwords. Here is an excellent
| (and timeless) post on this fact:
|
| https://blog.dustinkirkland.com/2013/10/fingerprints-are-use...
| darkwater wrote:
| I always thought that since the beginning, but unfortunately
| the world went into another direction. People always said
| "something you have and something you know", but now for most
| cases it's just "something you have - your body". Obviously if
| in the future remote mind-readers are invented, the "something
| you know" part will also get obsolete, but for now we should
| stick to it.
| braincoke wrote:
| I believe it's - Something you have (key, device,...) -
| Something you know - Something you are (biometry)
|
| In Europe there is a regulation (PSD2) that defines a strong
| authentication as 2 of the 3 listed above.
| amalcon wrote:
| I've always disliked this breakdown. My body is something I
| have -- it's just potentially (not always practically --
| see the article) more difficult to clone or otherwise use
| without my consent than a key fob or something.
|
| Edit: To be clear, I don't think this is an argument _for_
| biometrics, but rather an argument against them. They can
| 't complement something I have in a two factor scheme,
| because my biometrics _are_ something I have.
| jagged-chisel wrote:
| But it's the parts that are easily forgeable
| (fingerprints, retinas, etc) that are being relied upon.
| By "forgeable" I mean "things that someone else can also
| have by creating copies."
|
| I don't think we have yet good metrics on how to detect
| specific individuals using a full-body scan. Not to
| mention the invasiveness of creating your personal
| initial dataset. Most folks won't stand for it. So right
| back to parts that are forgeable...
| folkrav wrote:
| I'd tend to describe one's body as a state more than a
| possession. You are your body, it's not something you can
| get rid of.
| avianlyric wrote:
| Your body isn't very easy to replace. Passwords and
| devices are.
| SEJeff wrote:
| This is precisely why he is a poor "password" / secret
| replacement.
|
| Whelp, your fingerprints have been cloned. Time to go get
| them burned off and get some new ones. Yeah, that's not
| gonna work.
| blagie wrote:
| There are two threat models:
|
| - Virtual
|
| - Physical
|
| In the virtual threat model, difficulty needs to be insane,
| since any of 7 billion people can launch automated attacks on
| my server.
|
| In the physical threat model, difficulty can be moderate, since
| the only people who can attack are ones physically here. My
| front door has a pickable lock, and my windows are breakable.
| My key threat is my crazy stalker ex.
|
| Fingerprints are usually in the latter category, and provide
| pretty good security.
| GoblinSlayer wrote:
| Secrecy is only an approximation of difficulty. Given the
| difficulty, I would estimate it as a two character password. It
| should be fine for people who have nothing to hide.
| RHSeeger wrote:
| > It should be fine for people who have nothing to hide.
|
| There are no people that have nothing to hide. There are only
| people that don't know what they should be hiding.
| madeofpalk wrote:
| Just a clumsy way of saying "not within my threat matrix"
| the_snooze wrote:
| >It should be fine for people who have nothing to hide.
|
| If I'm a company, would I want my employees to give up
| proprietary data they hold just because they personally "have
| nothing to hide?" Anyone who thinks that's acceptable is
| someone who isn't worthy of trust.
| mankyd wrote:
| > Given the difficulty, I would estimate it as a two
| character password.
|
| Sorry, but that is _way_ off.
|
| I can run through 2 character passwords by hand in a few
| hours at most, likely faster. (Assuming a qwerty keyboard, 62
| alphanumeric, plus roughly 33 other characters makes for 9025
| possible passwords.)
|
| To reproduce a fingerprint requires access, money, time, and
| expertise. It's not _hard_ but it is not trivial either. You
| need access to a good fingerprint. You need the money to buy
| the supplies (a laser printer, some acetate, and some wood
| glue). You need time to both capture the fingerprint, refine
| it in the photo editor of you choice, and then actually turn
| it into something that scans. And you need to know that this
| is all actually doable. And then that all assumes that it
| actually works; I can assure you this is not a 100% success
| rate.
|
| Put another way, if you told me you _personally_ had a two
| character password on a specific account, I could likely log
| into it _today_. Conversely, if you told me it also required
| a fingerprint to log into, I'd be out of luck. I'd have to
| learn who you are, where you lived, and then concoct a way to
| capture a clean print.
|
| As others have pointed out, biometrics != password. It's an
| apples to oranges comparison.
| IshKebab wrote:
| Fingerprints are _not_ usernames. I wish that idea would die
| but people just love putting things in existing categories so
| much they keep thinking "fingerprints aren't the same as
| passwords... so they must be the same as usernames!".
| mdp2021 wrote:
| It seems you are stating that fingerprints do not identify an
| account holder. You should justify the statement.
| IshKebab wrote:
| No, I'm stating that fingerprints to not have the same
| security and privacy properties as usernames. Therefore
| they are not equivalent to usernames.
|
| * Usernames can be changed. Fingerprints can't.
|
| * Usernames can be denied. Fingerprints can't.
|
| * Usernames are zero effort to copy. Fingerprints require
| some skill and effort (if you have a decent fingerprint
| reader).
|
| * People are happy to share usernames online. Fingerprints
| are considered much more private.
| mdp2021 wrote:
| Or, model-wise, "account holders are not accounts",
| "users are not usernames", "individuals are not their
| operating identities".
|
| Biometrics should be considered as part of the indication
| of an entity before its own accounts.
| quitit wrote:
| Getting an ID card checked by security at the door of a secure
| establishment allows the people inside that building to know
| that the holder truly is who they say they are. Inside that
| space the person has access to confidential information and
| they do not need security to constantly verify their
| credentials. ..and yet ID cards can be copied and faked - so
| why do we do this?
|
| This model is how a fingerprint can be used as a shortcut to
| deliver certain privileges. The user must first pass security
| by entering their password, and then later numerous safety
| triggers are in place to require that password again. Meaning
| that once a person is validated a stand-in can be suitable
| rather than fully evaluating each and every time.
|
| Back to fingerprints: copying a fingerprint has numerous
| barriers that these exploits frequently ignore. First it needs
| to be the correct finger, it must be clear and complete enough
| to copy and finally it must be used at a time when the device
| will accept it. While such barriers may be insufficient for a
| secure environment, this approach provides more security than,
| for example, a person repeatedly entering a pincode into their
| phone through the day - something that is both easily observed
| and remembered (and worse too if it's a gestural passcode.)
|
| To relegate fingerprints as only this or that throws the baby
| out with the bathwater - appropriate rules and context can make
| it a useful security improvement over the status quo. That
| doesn't mean it's perfect or that it has to be.
| xoa wrote:
| > _Fingerprints are usernames, not passwords. Here is an
| excellent (and timeless) post on this fact_
|
| No, that is complete absolute shit post that isn't even self
| coherent. Like, it literally whines about needing something
| that can be "independently chosen, changed, and rotated", which
| obviously describes usernames so obviously biometrics can't
| possibly be usernames by that very post! Why is this dumb meme
| so fucking persistent? Fingerprints are one of many
| _biometrics_. They aren 't usernames, which aren't an
| authentication factor at all. They aren't passwords. They
| aren't tokens. They are their own thing. They have their own
| pluses and minuses as part of a comprehensive response to a
| given threat scenario. That's it. Trying to shoehorn them into
| something else is the same as trying to shoehorn everything
| into a car analogy.
|
| All security exists solely in the context of an equation of
| threat scenario (the word "threat" doesn't even appear in that
| post), defender vs attacker resources and the value of what is
| being defended. Real security must work for actual real humans
| too. For example, rotating passwords every day/week/month is
| "secure" except that it's also a huge PITA or even outright
| impossible for many humans and defending against what should be
| a non-existent threat scenario anyway. So the obvious and
| inevitable result is that everyone starts to use crappy
| passwords, write them all down on sticky notes and text files
| and such everywhere, or both. That is not the fault of the
| users, it's the fault of a _shitty system_.
|
| Another word that doesn't appear in that post? "Camera".
| Biometrics is an enormously rich potential field, fingerprints
| are about the worst lowest hanging fruit and in no way
| represent everything particularly as we use more and more
| wearables (there are bits of entropy to be found in your body's
| cardiac cycle for example). But even for fingerprints, which is
| _really_ lower resource for attackers: getting a reproducing a
| fingerprint, or having AI go through every single networked
| look-down camera for the obvious obvious pattern of a human
| pulling out a slab of screen and then entering a PIN or
| passcode into it then recording that? Are people expected to
| never ever unlock a device anywhere but a physically secure
| area? Because see above, that is not realistic for real humans
| and thus a worthless security response.
|
| As is usually the case, the best answer is hybrid, with
| multiple levels of factor usage to try to combine the strengths
| of each. And indeed that is the way things are going.
|
| _Edit to add_ : And if I sound irritated about this I am. This
| is the same kind of user hostile shallow anti-security thinking
| that brought us things like "security" questions, password
| rotation policies, lengthy and baroque "must contain 2 caps 1
| number 3 special characters but not those special characters
| and cannot START with a number" password policies, etc. All of
| which add aggravation and failure points to no good end. Bad
| security practices affect our entire industry to the detriment
| of us all, but "bad security" isn't just a technical thing it's
| a human UX thing.
| [deleted]
| mrtranscendence wrote:
| > lengthy [...] password policies
|
| Bizarrely, my organization limits passwords to a length of 12
| characters or shorter. I agree with you, I don't want a
| password the size of a paragraph, but c'mon... 12 characters?
| xoa wrote:
| I think you misread me, or I didn't communicate clearly. By
| "lengthy" I was referring to the _policy_ , not password
| length. Indeed max password length itself is another common
| bit of foolishness, for sanity reasons arguably it
| shouldn't be infinite but ~150 characters should be fine so
| that if people want to have a long diceware passphrase
| that's fine. To the extent passwords are used at all it
| should be exclusively as input to a KDF or adaptive-hash
| anyway so storage-side it should all be normalized
| regardless of input length.
| mrtranscendence wrote:
| Ah, gotcha, sorry. "Lengthy (password policies)", not
| "(lengthy password) policies". I wouldn't call the
| policies themselves particularly lengthy, though we do
| have multiple systems with different policies for which
| we're supposed to use the same password, so there's that
| -- it's possible to set a password in one place that
| can't be set in the other. (Would something bad happen if
| they weren't in sync? I can't see how, other than it
| wouldn't be clear half the time which password to use.)
| xoa wrote:
| Sorry for not being clearer. Really though, the only
| "password policy" should be "no password
| reuse/dictionary" (check it against haveibeenpwned.com or
| the like, there is a nice API), and some minimum decent
| length. Preferably with a decent user friendly generator
| option for default suggestions too, and password manager
| friendly. It's probably not the weakest link at that
| point. "Multiple systems with different policies for
| which we're supposed to use the same password" seems like
| it should just be SSO?
|
| But I recognize in reality when using archaic systems at
| businesses with no budget sometimes hacks are just the
| best that can be done, and that's how it is. I mean,
| obviously best of all is no shared password, use proper
| key via hardware token instead and the password/PIN or
| (gasp :)) biometrics is purely something the user uses to
| activate the token. Unfortunately it'll probably be
| awhile until we get there. But the general use of baroque
| password policies, particular when interfacing with the
| general public, is still an anti-feature for security
| which has finally started to fade away.
| scott00 wrote:
| The method in the article required an hour of photoshop work.
| Anybody know how much expertise is required for that step?
| delineator wrote:
| > you leave your fingerprint on taxi doors, iPhone screens, and
| glasses of wine at your local restaurant.
|
| DNA is similar - you leave hairs in taxis, public toilets, etc.
| ruph123 wrote:
| The uniqueness of fingerprints is also questionable.
|
| e.g.: https://mathblog.com/are-fingerprints-unique/
| lordnacho wrote:
| One thing that's never been explained to me is how large the
| space is. Does everyone have one big swirl on their thumb that
| goes clockwise or counter-clockwise? Could you have two swirls?
| What is the space of potential fingerprints?
| JohnFen wrote:
| Fingerprint scanners compile a small set of identifying
| features (typically where ridges end or split). They don't
| characterize the entire fingerprint. The higher quality the
| scanning system, the more identifying features they use -- so
| the size of the search space is both smaller than most people
| think, and varies depending on the quality of the system.
| albert_e wrote:
| How about .... Fingerprint sensors + inbuilt IR sensors that
| verify that there is a "live" finger with blood and pulse behind
| that print.
|
| Would that help make FP authentication more robust?
| Spivak wrote:
| Yes, if you're interested in this kind of stuff you basically
| have to work for the military because they're the only ones
| with the funding and motivation for this kind of stuff.
| draugadrotten wrote:
| Check out the LivDet - Liveness Detection Competitions -
| https://livdet.org/index.php
| cmaggiulli wrote:
| Fingerprints are usernames, not passwords
| whirlwin wrote:
| So there is a difference here. On local hardware this is not that
| crucial. But on (portable) software relying on the fingerprint is
| more severe.
___________________________________________________________________
(page generated 2021-11-22 23:00 UTC)