[HN Gopher] Fingerprints can be hacked
___________________________________________________________________

Fingerprints can be hacked

Author : SerCe
Score  : 606 points
Date   : 2021-11-22 13:38 UTC (9 hours ago)

(HTM) web link (blog.kraken.com)
(TXT) w3m dump (blog.kraken.com)

| m00dy wrote:
| Do you think that a 3d printer can replace the whole process ?

| gruez wrote:
| It probably lacks the resolution to do it. That said, why do you want that when a 2d printer works fine?

| resoluteteeth wrote:
| FDM printers probably don't have a high enough resolution, but I wonder if new high resolution resin printers like the phrozen sonic 8k mini ($600) have a high enough resolution to do it.

| Workaccount2 wrote:
| Only optical scanners would be fooled, capacitive and ultrasonic readers actually read the 3D ridges of your finger.

| gruez wrote:
| The 3d ridges from the 2d printer come from the raised lettering, which is transferred to the dried acetate glue.

| fukpaywalls2 wrote:
| Well, they definitely can be hacked off

| [deleted]

| paulpauper wrote:
| The big problem with fingerprint is you may void your 5th amendment right

| cblconfederate wrote:
| i guess faceid should be even easier since u can recreate a face from a few public photos.
|
| Plus the good thing about fingerprints is that most people have learned from movies+tv that fingerprints are not secret and can be faked

| [deleted]

| gumby wrote:
| > while your fingerprint is unique to you,
|
| Has this been proven to some degree or is it merely a conjecture.
|
| I suppose by now, governments have collected enough fingerprints to pretty much confirm this, but I haven't seen any studies.

| 100c1p43r wrote:
| Well, you just leave your "password" on the device ;)

| 101_101 wrote:
| humm cheaper than a rubber hose, but too slow.

| evancoop wrote:
| The broader argument here is less about fingerprints, and more about using anything immutable as authentication.
| You cannot change your fingerprints. You cannot change your social security number (at least not easily). These should therefore, NEVER be a primary method to authorize access to anything. Once stolen, the proverbial horse is out of the barn.

| TheJoeMan wrote:
| It would be funny to use this technique to make fake fingerprints that are used as the keys. "Hardware key on MBP!"

| h2odragon wrote:
| You can in fact change your fingerprints; glassblowing and metalwork, for example, offer numerous opportunities to do so.

| Joker_vD wrote:
| Don't they regenerate? I vaguely recall reading that criminals have tried lots of surgical ideas but none would last longer than a couple of months.

| h2odragon wrote:
| if they do you're not burning deep enough
|
| I dunno, I have psoriasis on my hands bad enough that sometimes i don't properly speaking have skin on some fingertips, so my experiences aren't normal.
|
| I recall hitting someone's demo of the "first PAM integrated fingerprint ID system" in '98 and crashing their machine repeatedly with my thumb. It couldn't even scan me.

| thomascgalvin wrote:
| Biometrics have both a high False Acceptance Rate - they will accept invalid input - _and_ a high False Rejection Rate - they will deny valid input. Scanners can be tuned one way or the other, preferring FAR or FRR, but either way, they are kind of unreliable.
|
| This is why multi-factor authentication is a thing. Generally, pick two: something you have, something you know, or something you are.
|
| If the scanner doesn't like your fingerprint this morning, just use your proximity badge instead, and if someone takes a photo of your fingerprint, it's still useless unless they also know your PIN.
|
| The issue is that a lot of our hardware, particularly phones and laptops, is single-factor authentication. And on top of that, this hardware knows the login to a bunch of other very sensitive material, like your bank accounts.
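
[Added example, not part of the thread or the linked article.] The FAR/FRR tuning trade-off and the "pick two" argument from the comment above, worked through on constructed match scores. The score distributions, the 4-digit PIN and the 3-attempt lockout are assumptions chosen for illustration, not measurements of any real sensor.

```python
import random


def make_scores(seed=7, n=2000):
    """Constructed similarity scores in [0, 1].

    Genuine attempts cluster high, impostor attempts cluster low, and the
    tails overlap, which is what forces a FAR/FRR trade-off.
    """
    rng = random.Random(seed)

    def clamp(x):
        return min(1.0, max(0.0, x))

    genuine = [clamp(rng.gauss(0.72, 0.12)) for _ in range(n)]
    impostor = [clamp(rng.gauss(0.38, 0.12)) for _ in range(n)]
    return genuine, impostor


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) for a matcher that accepts score >= threshold.

    FAR: share of impostor attempts accepted.
    FRR: share of genuine attempts rejected.
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor, steps=101):
    """Evaluate FAR/FRR at evenly spaced thresholds from 0.0 to 1.0."""
    rows = []
    for i in range(steps):
        t = i / (steps - 1)
        far, frr = far_frr(genuine, impostor, t)
        rows.append((t, far, frr))
    return rows


def equal_error_point(rows):
    """Threshold where FAR and FRR are closest (the equal error rate)."""
    return min(rows, key=lambda r: abs(r[1] - r[2]))


def two_factor_far(biometric_far, pin_digits=4, pin_attempts=3):
    """False-accept rate when an independent PIN is also required.

    Assumes the attacker guesses the PIN uniformly at random and is locked
    out after pin_attempts tries; the two factors are treated as independent.
    """
    p_pin = min(1.0, pin_attempts / 10 ** pin_digits)
    return biometric_far * p_pin


def residual_far_if_spoofed(pin_digits=4, pin_attempts=3):
    """With a working fake print the biometric FAR is effectively 1.0 for
    that attacker, so only the PIN is left standing."""
    return two_factor_far(1.0, pin_digits, pin_attempts)


if __name__ == "__main__":
    genuine, impostor = make_scores()
    rows = sweep(genuine, impostor)

    print("threshold   FAR     FRR")
    for t, far, frr in rows[30:81:10]:
        print(f"  {t:4.2f}    {far:6.3f}  {frr:6.3f}")

    t, far, frr = equal_error_point(rows)
    print(f"equal error point: threshold={t:.2f} FAR={far:.3f} FRR={frr:.3f}")
    print(f"same threshold plus PIN: FAR={two_factor_far(far):.6f}")
    print(f"spoofed print plus PIN:  FAR={residual_far_if_spoofed():.6f}")
```

Raising the threshold buys a lower FAR at the cost of more rejected owners, which is the convenience pressure the thread describes; the last line shows that once the print itself is copied, the second factor carries the whole load.
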

| AtNightWeCode wrote:
| As an IT professional you should know to never use fingerprints or facial recognition for logins.

| mdp2021 wrote:
| It seems you are stating that biometrics should not be used to restrict account access according to specific individuals ("John can only access john.harrey and finance.12")

| kingcharles wrote:
| Also remember, in the USA, the police can legally force your finger onto a reader to defeat the lock, without violating your 5th Amendment right against self-incrimination.

| _justinfunk wrote:
| Remember (on an iPhone) you can squeeze the power button and one of the volume keys for a few seconds. This disables biometric authentication until a passcode is entered.
|
| This can protect you against this "attack vector".

| GuB-42 wrote:
| No, the fingerprints are not hacked. The MacBook Pro scanner is.
|
| Fingerprints and biometrics in general are not a secret. Consider your fingerprint like your face. Anyone can reproduce your face, there are cameras everywhere, and it is probably already easy to find on the internet. "Hacking" your face by taking a picture is the most boring "hack" ever.
|
| Now, if I print your face on a piece of paper, wear it as a mask and try to say to a security guard that I am you, normally, he won't let me in. If he does, the problem is not that I managed to make a paper mask with a picture of you, this will always be possible, the problem is that your guard is stupid and you need a better one.
|
| And if your fingerprint scanner can be fooled by a dab of glue and a laser printer, you probably need a better scanner, something that Apple should be able to do. Smartphone manufacturers like Apple are usually good at bringing fancy tech to the masses, and they could work on defeating these old attacks.

| CountDrewku wrote:
| Eh... fingerprints are quite a bit simpler than faces. They're just patterns. I don't know how you could detect a fake fingerprint.
| You'd need something that could tell there wasn't real skin on the device. I would say warmth but obviously he has the fake skin over his actual thumb so it's probably still warm.

| GuB-42 wrote:
| Yes, I really meant fake fingers, not just fake fingerprints. And there is plenty of research on that subject.
|
| Possible ways of detecting a fake fingerprint (beside warmth):
|
| - Blood (we could use one of these cheap SpO2 sensors)
|
| - Capacitance
|
| - Perspiration and related skin resistance
|
| - Microscopic skin details
|
| And the usual machine learning solution of feeding thousands of real and fake fingerprints to a neural network and letting it decide.
|
| As all living things, fingers are far from simple, there are plenty of details beyond the obvious pattern. It is a bit like a banknote, you can photocopy a banknote and it is very easy to identify the banknote you copied. But it is very hard to pass it off as a real one to someone who knows where to look.

| p2p_astroturf wrote:
| damn i need more sockpuppet accounts so i can list all my snarky comments:
|
| - no shit, use public keys
|
| - your 2FA can also be hacked
|
| - your company forcing 2FA is insufferable like all modern web
|
| - your KYC is literally pointless since i already gave those same ID photos to 100 different companies, few to none of which are competent enough to keep them secret
|
| EDIT: huh, this is actually a good article. but it's still ironic since it's coming from a company that follows all the standard snake oil

| daneel_w wrote:
| People commonly mistake biometrics for authentication; they are only shallow identification.

| no_time wrote:
| By "laser printer" do they mean regular office printer or laser engraver? It's a bit hard to believe that the super thin layer of black paint produces an imprint that's significant enough for this to work.

| krzyk wrote:
| OK, so here goes fingerprint scanner on phones that some thought is more secure than Face Unlock and similar.

| neycoda wrote:
| So it's not easy.

| rogelin wrote:
| Fingerprints are usernames, not passwords.

| trulyme wrote:
| The biggest problem imho is that we only have two states on our phones - locked and unlocked.
|
| Ideally, I should be able to unlock the phone and take photos using just my fingerprint. In my case I would also like to be able to call, message, play games and similar. But to access the 2fa app, cryptoasset app or similar, I must further authenticate in a way that I only reveal _parts_ of my secret ("Enter 3rd, 8th and 11th character of your password:"). The assumption here is that I will mostly authenticate in a private setting, but sometimes I might not have that luxury.

| paxys wrote:
| You can already configure apps you are allowed to use on iPhone & Android without unlocking the device. And individual apps are anyways free to implement their own security mechanisms.

| cblconfederate wrote:
| "now place your left index, then your right pinky" etc.

| Labo333 wrote:
| Nice concept!
|
| It made me realize this is the purpose of PINs for some apps (eg Signal)

| menage wrote:
| On Android (don't know about iOS) you can take photos without even unlocking - double press on the power button opens the camera. You can't access anything else (including existing photos in the camera roll).

| trulyme wrote:
| True, and it is a step in the right direction. However I still don't want to expose my bank app credentials every time I show someone my vacation photos.

| abletonlive wrote:
| you definitely don't need to unlock to take photos on iOS.

| redler wrote:
| It works the same way on iPhones. The lock screen includes a camera button. When tapped, the phone enters a camera-only mode in which only photos taken during that session are accessible.

| scottLobster wrote:
| Think this is still overestimating the threat. It's kinda like saying you can hack someone's password by watching video of them typing. True, but also non-trivial.
|
| If you're already being personally targeted by an organization professional enough to follow you around, take a photo of your fingerprint on something you touched, then painstakingly reproduce said fingerprint through highly technical means and then gain physical access to your personal device that uses a fingerprint reader to use said fingerprint, you should be aware of your position and have multi-factor authentication set up for everything anyway.
|
| For your average everyday person fingerprint security is fine. The thief who snatches your phone when you step away from your table in the mall food court isn't going to be able to crack it via this method.

| kurthr wrote:
| Yep, physical proximity is a huge barrier to any attack, and requiring persistent physical access even more so. If you have a plug in USB keyboard, this sort of quick attack through MitM passthrough is even easier.
|
| However, having some experience with biometric sensors the False Accept/Reject ratio both for matching the fingerprint and detecting "liveness/spoof" is a BIG DEAL. Matching many prints or to many people is also MUCH HARDER (combinatorically). At high SNR (more expensive, higher resolution, larger sensor, higher power, longer latency) these problems can be largely mitigated with accurate recognition and very difficult to spoof systems. Those aren't the ones people attack for online fame.
|
| However, when display integrated ultra-thin low cost very convenient matching is required... it will trade off for False Accept/Reject ratios and make the system significantly (orders of magnitude) less accurate. Unfortunately, it appears that the old MacBook touchbar integrated sensor has sacrificed significantly in this area.
|
| Time of Flight 3D sensors make spoofing Face ID with easily carried biometrics significantly more challenging (they tend to be head sized).

| xoa wrote:
| Agree with your overall post entirely, the thing about physical attacks is they don't scale well. If you're subject to an actual individual threat, it's a whole different and enormously scarier/more challenging threat scenario.
|
| > _Think this is still overestimating the threat. It's kinda like saying you can hack someone's password by watching video of them typing. True, but also non-trivial._
|
| Isn't that genuinely getting pretty trivial in public though? And in turn I think that is a real argument for biometrics too. The amount of over-the-shoulder camera surveillance in business and urban areas is pretty scary at this point, as are the concealability and cheapness of even very tiny spy cams. There have been plenty of scandals around it even in things like AirBNBs or hotels, historically from the context of sex, but not a stretch to imagine that passwords could be a much bigger and more lucrative target. And ML/AI is getting ever more sophisticated, and humans entering PINs/passwords is pretty repetitive behavior with a high degree of uniformity in how it's done, at least the device-unlock level. Seems very amenable to highly reliable automated analysis, to the extent I'd be genuinely surprised if that's not secretly deployed already in surveillance states.
|
| I don't enter PINs/passwords in public anymore if I can possibly help it. It just seems scalable in a way that physical attacks aren't.

| anonymfus wrote:
| _> If you're already being personally targeted by an organization professional enough to follow you around, take a photo of your fingerprint on something you touched, then painstakingly reproduce said fingerprint through highly technical means and then gain physical access to your personal device that uses a fingerprint reader to use said fingerprint, you should be aware of your position and have multi-factor authentication set up for everything anyway._
|
| But the whole point is that it's easier than you describe as people make photos with fingerprints themselves accidentally, and technical means to reproduce fingerprints are not highly technical.

| [deleted]

| grifball wrote:
| Myth busters did this:
|
| https://m.youtube.com/watch?v=MAfAVGES-Yc
|
| ?13? Years ago?

| kartoshechka wrote:
| 2FA can be bamboozled too, given that SMS is kinda a security joke

| ineedasername wrote:
| The problem with any lock is that, fundamentally, it is _made to be opened_ when certain conditions are met. And that's putting aside any sort of brute force approach.
|
| Good security design is as much about asking, from first principles, "what conditions need to be met to open this?" as about considering how it might be attacked.
|
| For example, the condition to be met for a pad lock to open is _not_ "when the proper key is inserted" or "the key pins are raised to the appropriate level". It's something more basic--like "when the locking bar no longer blocks the shackle from rising."
|
| From that perspective, attacking the key hole and pins is only one of multiple vectors.

| amelius wrote:
| Or you just open the lock with a bolt cutter.

| 1cvmask wrote:
| My favorite photograph of a fingerprint is when the Chaos Computer Club reproduced the German Foreign minister's fingerprint from a photo. So much for military grade security.
|
| https://www.dw.com/en/german-defense-minister-von-der-leyens...
|
| -
|
| The core problems with biometrics are that:
|
| 1) Not revokable (unlike compromised credentials)
|
| 2) Not a secret
|
| 3) Usually trivial to reproduce and spoof (even "liveliness" tests)

| babypuncher wrote:
| My problem with this reasoning is that it leads people to think that biometrics therefore shouldn't be used.
|
| Can biometrics be spoofed? Absolutely. Is it likely to happen to the average person? Not at all. For a typical everyday user, a fingerprint or face scan is probably more secure than the common alternatives of "sticky note" passwords, easily guessed PINs, or no authentication at all.
|
| Biometrics are a compromise between security and convenience. Before iPhones got Touch ID, it was not uncommon for people to just not put a lock on their phone out of convenience. Now it is impossible to find an iPhone out in the wild that is not fully encrypted. The average level of security on consumer devices that hold sensitive information has increased dramatically thanks to biometrics.

| Spivak wrote:
| This meme really really has to die. It's so annoying that it's spread so far. Biometric security (i.e something you are) does not need to be secret nor revoked. That's the _entire point_. It's a piece of information that even when it's known by everyone still can't be reproduced.
|
| The strength of a security system based on biometrics is _exactly_ how well that system can detect that it's reading from a living breathing human.
|
| - Perfect: A human guard manually taking a fingerprint reading. Can't be beat because the guard can obviously see that it's not really your hand.
|
| - Shit: A camera that compares pictures.
|
| The entire industry is about making an autonomous system that gets as close as possible to perfect. It's fine to say that you don't think it's good enough right now but "oh no I lifted a fingerprint from a photo" isn't some security breach.

| alasdair_ wrote:
| >- Perfect: A human guard manually taking a fingerprint reading. Can't be beat because the guard can obviously see that it's not really your hand.
|
| "Perfect" is too strong a statement. This is only true if the guard very carefully checks every fingertip to ensure nothing is glued over your normal fingertips, and even then it's possible to distract the guard or rush them with a socially-engineered premise. Or just bribe or blackmail them.

| imwillofficial wrote:
| You're missing the point.
|
| Biometrics are not the weakness. Current implementations are.

| philovivero wrote:
| > That's the entire point. It's a piece of information that even when it's known by everyone still can't be reproduced.
|
| And yet, it can be reproduced. So it seems like the entire point is... invalid.

| Spivak wrote:
| Produce me a living breathing human with a chosen fingerprint -- biometrics are not "a picture of your fingerprint is the password."

| fragmede wrote:
| But similar to hash collisions, a total break (arbitrary hash values can be output) isn't required for it to be a problem. Where fingerprint scanners aren't magic (especially given the sloppiness of input data), that they're defeatable in corner cases should be enough to be worrisome.

| Spivak wrote:
| Right but _exactly_ like hashing you can set the difficulty of breaking it to your risk tolerance.
|
| Your phone should probably be a little loose but the retina scanner at the datacenter of the dod will be a lot stricter.

| imwillofficial wrote:
| That's not a thing (Re: dod)

| justin_oaks wrote:
| My thought is that biometrics should be the root of identity, not the endpoint. You shouldn't need to scan your retina, fingerprint, or face at every point you want to verify your identity. Instead you use other things like public key cryptography to verify your identity remotely, id cards (perhaps with strong cryptography) for in-person interactions, etc.
|
| Lost/stolen cryptographic keys or ID cards could be revoked and would require a trip to a certified biometric verification facility where a thorough in-person inspection would confirm that your fingerprints are real, you aren't using a fake eye, etc. Then you'd be issued new keys/cards at that location. Loss of ID is inconvenient, but not catastrophic. Leaking your biometrics is irrelevant.
|
| Is it an infallible system? Certainly not, but it should be able to uniquely identify someone and not allow faking biometrics.

| JohnFen wrote:
| > Biometric security (i.e something you are) does not need to be secret nor revoked. That's the entire point. It's a piece of information that even when it's known by everyone still can't be reproduced.
|
| If that's the point, the effort is doomed. All biometrics will be able to be reproduced sooner or later. There's no way around that.
|
| So, like all other identifiers, revocation is an important trait. Even if successful reproduction is difficult and rare, it would be utterly devastating to those affected unless there's a way to revoke.
|
| > Perfect: A human guard manually taking a fingerprint reading. Can't be beat because the guard can obviously see that it's not really your hand.
|
| Not at all perfect. Can that human guard really see if you're wearing a fake fingerprint? I doubt it, unless he's closely examining everyone's fingerprints first. And even then...

| Spivak wrote:
| > If that's the point, the effort is doomed. All biometrics will be able to be reproduced sooner or later. There's no way around that.
|
| All encryption will eventually be broken therefore what's the point is a pretty bad security posture. But like no it won't. Even if you can fake every other metric (good luck with eyes) a fresh blood sample taken by a guard with hypothetical futuristic instant DNA sequencing will never be broken.
| If your threat model is someone cloning you, then you have bigger problems and they still can't clone your fingerprints!
|
| You've got revocation completely ass-backwards. If someone successfully tricks a biometric system you don't need to revoke someone's fingerprint, you revoke the reader! That's the thing that actually provides all the security.
|
| The point of the guard is that a human has absolutely no trouble determining whether they're taking a reading of a real hand, scanning a real eyeball, or taking a real blood sample. Maybe in mission impossible movies but you're really really overstating the resources required to make a convincing hand to someone specifically looking for fakes. Yes social engineering is a problem which is why an autonomous system with the detection quality of a human would be nigh unbeatable.

| alasdair_ wrote:
| >Not at all perfect. Can that human guard really see if you're wearing a fake fingerprint? I doubt it, unless he's closely examining everyone's fingerprints first. And even then...
|
| The procedure at the USCIS to get my green card was remarkably thorough. The guard manually and visually checked each of my fingertips carefully to ensure I had no fake print overlaid on top of my real print and I had to keep my hands within a small area with a camera on it for the entire process or they would restart everything.

| hannofcart wrote:
| Furthermore, that guard can be incapacitated, or easier still, bribed.

| runnerup wrote:
| > Perfect: A human guard manually taking a fingerprint reading. Can't be beat because the guard can obviously see that it's not really your hand.
|
| Well, the argument some people are making is that this might be no better than a human checking your ID. Yes, there the guard can verify that there is some real human there, but both the ID and the fingerprint could be faked (e.g. a fake fingertip mold which matches the victim's "known" fingerprint).

| Spivak wrote:
| We're talking about a guard who physically takes your hand, inspects it, and puts your finger in ink, and then compares that to the prints they have on file. This is exactly the protocol that's used by the police and military when taking prints.

| fragmede wrote:
| So wear fingerless gloves and social engineer a little bit (it's cold, it's winter, I have bad circulation, etc). If you think having a human guard makes a system infallible, I have some bad news for you.

| Spivak wrote:
| Oh lord, this is firmly off that point. An alert motivated human looking for fakes can identify them with nigh perfect accuracy. This means that it should be possible to build an autonomous system that can do the same which is the goal of biometric auth systems. There is nothing that fundamentally breaks biometric auth until you can burn fingerprints on someone or replace eyes or gene therapy new DNA or whatever. And even then that's pretty damn strong.

| imwillofficial wrote:
| Exactly, everyone keeps going on about magic social engineering attacks without providing details.
|
| Anyone who has had their fingerprints taken by the FBI knows that there is a solid procedure that will detect fakes. The idea is to replicate this near perfection, not bolt on some revocation system for fingerprints (ouch!)

| [deleted]

| newsbinator wrote:
| > Spiegel also reported another security hole from the conference: reading a user's PIN code from reflections in their pupils while taking selfies.
|
| https://www.dw.com/en/german-defense-minister-von-der-leyens...

| Cd00d wrote:
| I don't understand this one - when are people taking a selfie at the same time they're typing in their pin? I have an android phone, and I don't even unlock to take pictures.
|
| I just don't follow the timeline and geometry. Seems theoretical only maybe.

| nkrisc wrote:
| I assume the intent is to capture it while surveilling someone while they enter their PIN, not necessarily from images harvested from social media or anything. Since many PIN entries show at most the most recently entered number, you'd need multiple images to capture the PIN. But if you can capture it from reflections in their eyes, then you can surveil them from a greater distance and more stealthily if you've got a good camera.

| voakbasda wrote:
| Take a selfie with someone unlocking their phone positioned over your shoulder. Seems very practical and surreptitious.

| LocalH wrote:
| Reflections of the fingerprint marks on the screen that are usually present for those who don't regularly wipe their screen off?

| ARandomerDude wrote:
| It's badly worded in the article but I think it means person A is entering his pin. Persons B, C, D, etc. take selfies in the vicinity of person A. By comparing multiple selfies from slightly different times, you can determine person A's pin.

| throw0101a wrote:
| > _The core problems with biometrics are that:_
|
| ... is that they're treated as passwords instead of usernames. The three problems you list all have the _biometric=password_ assumption in them.
|
| See also using the American SSN usage: it's treated like a (secret) token, and so when it leaks it can be used to access sensitive information. Using it as 'just' a username would probably reduce a lot of problems as well.

| strbean wrote:
| > American SSN usage
|
| Nothing like a secret token that can be reliably guessed using only your birth month+year and place of birth!

| booi wrote:
| wait it's based on birth month/year/place? is there an algorithm to generate it or something?

| lelandbatey wrote:
| There's not quite an "algorithm"; SSNs are so short (it's just a 9-digit number, so max 1 billion unique SSNs) that they have a very simple procedure for assigning them.
| The Social Security Administration explains it here: https://www.ssa.gov/history/ssn/geocard.html
|
| - The first set of three digits is called the _Area Number_
|
| - The second set of two digits is called the _Group Number_
|
| - The final set of four digits is the _Serial Number_
|
| Certain geographic areas get certain "Area Numbers", then Group Numbers are assigned consecutively, then Serial Numbers are assigned consecutively. This entire system of consecutive assignment makes it trivial to guess pretty well, or even exactly, what someone's SSN is.

| tmm wrote:
| Not since June 25, 2011 when they started randomizing assignment[1]. They still don't use 666 as an area number, though.
|
| [1] https://www.ssa.gov/employer/randomization.html

| abustamam wrote:
| This is a good change, but since it's not retroactive anyone born before that date (which is 100% of adults and probably roughly 50% of minors, who are likely not good targets for identity theft) are still at risk.

| registeredcorn wrote:
| I have mixed emotions about this.
|
| From a security professional perspective, this is at least _somewhat_ of an improvement, even if the entire thing feels like it's held together with a wish and a prayer. I would really like if there were a means to just institute an entirely new system. Essentially having one's entire life ruined, on the chance a bad actor can guess a four digit number is...not great.
|
| From a genealogist perspective though, this is horrible news. Being able to track down people based off of rough geographic assumptions can help narrow down if someone is "lucky" enough to have a common name in a specific region. Of course, this change to SSN isn't _nearly_ as disastrous as the death of paper - _especially_ newspapers - but I really do not envy anyone who is going to try and do historical family research in two to three hundred years.
| It makes me cringe just to think about how much valuable information, how many life changing moments, are going to be lost to encryption, bit rot, and the constantly changing standards of software and hardware.

| [deleted]

| int0x2e wrote:
| Exactly. This is a point everyone seems to gloss over but is fundamental to the entire concept of using biometrics.

| arisAlexis wrote:
| Me and my team have developed a solution for the 3 problems mentioned. Anyone interested to discuss further find my email on my profile.

| PinguTS wrote:
| And they distributed it with the Datenschleuder. Cannot remember the issue, but I have it still somewhere at home.
|
| It is like a highly distributed backup of that fingerprint.

| landemva wrote:
| State driver license in USA is a honey pot of thumb/finger scans. Anyone on HN think the NSA doesn't have access? NSA info sharing with trusted foreign countries makes a reliable distributed backup for use by foreign spooks.

| nanidin wrote:
| > State driver license in USA
|
| In which states? The only thing I have been fingerprinted for in the US is The Global Entry program.

| reaperducer wrote:
| More and more states require fingerprints for driver licenses because of the RealID program. Eventually (soonish) you won't be able to use your driver license to fly without it being RealID compliant.
|
| One state I lived in gave me the option of not having a RealID-compliant license if I wanted to. Another didn't, so fingerprints were compulsory.

| nanidin wrote:
| As far as I can tell, Real ID does not require fingerprints, only digital color images of the face[0].
|
| [0] https://www.biometricupdate.com/202101/real-id-law-quietly-p...

| fragmede wrote:
| heads up that the RealID deadline got pushed back to May 3, 2023

| dylan604 wrote:
| I've only had a state issued driver's license in CA and TX, and both require thumb prints.
| But I'm sure if you were truly interested, you could search the web for that information fairly quickly, actually probably faster than it took to post the question to HN:
|
| https://duckduckgo.com/?q=which+states+require+thumb+print+f...

| nanidin wrote:
| My intent wasn't to find out which states require prints, it was to drive conversation in order to refute the claim that state driver licenses are honeypots for fingerprints.
|
| Fingerprints are not required as a part of Real ID implementation. Real ID seems like it would be the main driver for feature parity between licenses of different states. If fingerprints aren't required by Real ID, then it seems like it would be incorrect to assume that all states require fingerprints - and thus also incorrect to assume that driver licenses in the USA are used as honeypots for fingerprints.
|
| Perhaps landemva should have specified which states are using driver licenses as honeypots for collecting fingerprints?

| JohnFen wrote:
| Particularly since it's only being done in four states. That explains why I'd never heard of the practice.

| landemva wrote:
| It appears JohnFen partially geolocated me!
|
| A few years ago I had top tier frequent flier status, and the airline kept offering to pay the Global Entry fee for me. Sit for a lame interview and provide a bunch of info to power-starved snooping Karens? No thanks.

| twobitshifter wrote:
| State law enforcement fingerprinted me as a child around 11 years old.

| fragmede wrote:
| If your argument is that the NSA doesn't have your fingerprint because only the Global Entry Program has your fingerprint, I find that highly suspect. Of all the databases to be shared with the CIA and the NSA, Global Entry seems entirely reasonable that they be given access.
Unlike state's driver license database where it's | objectionable that the NSA be allowed to access it, | Global Entry has to do with people coming in and out of | the country and so seems entirely reasonable the NSA | would have access, never mind the fine print no one reads | when signing up for the program. I wouldn't be surprised | if any of the three programs (Global Entry, TSA Pre, | Clear) have it in their fine print that the CIA is | legally given access to that database. | nanidin wrote: | My response did not intend to address the NSA, it was | intended to address the "state driver license in USA is a | honey pot" since in my experience states do not collect | fingerprints for driver licenses. Based on some cursory | research there are only a small handful of states that | require fingerprints, and fingerprints are not required | for implementation of Real ID. | [deleted] | jiveturkey wrote: | those aren't a problem when the biometric is used correctly. eg | not as single factor authentication | runarberg wrote: | I really like it in Demolition Man, how they thought of a | future which used biometrics for secure access (in that case | retina scan). But they also saw how easy it was to bypass it | when Simon (Wesley Snipes) simply takes the eye of the warden | to escape his prison. | | I don't think this was intentional but they managed to | demonstrate (or at least foreshadow) the incompetent police | force of the future this way. | vletal wrote: | The title almost sounds like that they have a meaningful | fingerprint ready to open her iPhone... Was that the case? Or | do they have a somewhat accurate partial fingerprint? I failed | to find recording of the presentation. | DangerousPie wrote: | AFAIK iOS actually uses the pattern of veins below the | fingertip rather than an image of the fingerprint itself. So | I can't imagine this would be enough to unlock an iPhone. | joecool1029 wrote: | You're sort of not wrong, touchid uses a capacitive sensor | vs.
a visual/camera sensor which has become more common in | other devices. What this means is _in theory_ you're | measuring the electrical behavior of the outer layers of | skin, and Apple claims goes as far as measuring subdermis. | (This is also why their touchid scanners don't work on | wet fingers as the behavior is thrown off). | | However, they are showing their attack working on a Macbook | Pro with touchid, which uses this sort of reader. So it's | easier to fake in practice than it is in theory. Whatever | material you lift the print off of should have to mimic the | capacitive behavior of the finger and this looks like it | busts Apple's claim that it can read the lower layers (or | it tells us their default sensitivity is set too low for | convenience) | yeetaccount2 wrote: | I'm waiting on a court case with a fingerprint as key evidence | for conviction, in which the defendant brings this up. Might | not pass reasonable doubt muster, but what if somebody sold | fingerprint forgery kits online that made it push-button | simple? Just supply an image or two, run it through some ML to | reconstruct the print, laser etch a latex glove or similar... | | I wonder if you could use CRISPR or "lab-grown meat" techniques | to do the same with DNA evidence...might be something that | would get you a contract with the CIA/NSA. | madeofpalk wrote: | Fingerprint recognition has been mainstream in consumer | tech/iPhones for 8 years. Surely it would have already | happened? | rawsta wrote: | Sure. No one has ever faked a fingerprint to access phone | of the partner or used a printout to trick facial | recognition to see the latest mails. Today even little Kids | fake fingerprints of their parents to buy some | microtransactions. | [deleted] | ipspam wrote: | Could work for a digital intrusion, but for crime scenes | there is dna | AnthonyMouse wrote: | DNA evidence is overrated.
People leave their DNA | everywhere, so it's not that hard to get some and then | plant it somewhere else. | | The tests also have varying accuracy rates, but people | misunderstand what it means. If the test is 99.99% | accurate, that doesn't mean that there is a 99.99% chance | that the defendant is the perpetrator. It means that in a | region with ten million people, you've whittled your | suspect list down to a thousand people. If you pick one of | them at random there is only a tenth of a percent chance it | was them. | | This is especially problematic when dealing with "DNA | databases" because then with a large database you have a | high probability of finding a false positive match and the | true perpetrator might not even be in the database. | ampdepolymerase wrote: | Why in the world would you need CRISPR or lab grown meat? | Just sequence the DNA and send it off to a DNA assembly | service. The price is a couple hundred bucks a pop. You don't | have to replicate the entire DNA, just the segments used for | forensic PCR. | | (On a side note, the state of biotechnology and life science | knowledge on HN is utterly deplorable, repeating buzz words | does not reality make.) | 14 wrote: | You make fun of people's knowledge but at the same time | suggest sending DNA to a lab to have it replicated. That | would be not very smart since op was discussing how someone | might get away with a crime and you suggest just contacting | a professional service and probably just use a credit card. | Not smart at all. So we may not be biotechnology savvy but | we have other areas of knowledge you obviously lack. | aezell wrote: | hahaha - Friend, this is a news website not a scientific | forum. Relax. | mdp2021 wrote: | And what is involved in the DNA sequencing? And the DNA | assembly service will probably take record of the operation | itself (it is not a common service). | | In the context...
| upofadown wrote: | Most of the evidence that shows up at a court case is | forgeable. Simply showing that a particular piece of evidence | _could_ be forged in no way proves that it _is_ forged. You | would need some sort of argument to prove your contention. | hasmanean wrote: | All evidence is ultimately forgeable. At some point a | modern day Godel could prove that "justice" in a free | society is mathematically impossible. | | The law has to operate within a practical compromise and | err heavily on the side of reducing false convictions. | omgwtfbyobbq wrote: | Or err heavily on reducing the release of the guilty, | depending on the region. | angst_ridden wrote: | Sadly, "forensic science" is often not science at all. Much | of it is barely an improvement on the techniques from the | Victorian era. Altogether too much of it is an expert | saying "these two samples look like a match" without a | quantifiable metric. DNA evidence has made enormous leaps | in the right direction, but even that requires a good chain | of custody, good lab practices, and honest actors | throughout the process. | landemva wrote: | 'what if somebody ...' made SaaS service to upload pictures | and overnight ship the fingertip. | yeetaccount2 wrote: | Sounds like they'd get lots of subpoenas. | qw wrote: | It would probably cause a huge media storm. Then the | politicians would "fix it" by replacing it with face | recognition... (suddenly Face/Off is no longer science | fiction) | dylan604 wrote: | As long as you can weather the storm, a storm is not the | death of shady businesses. The shady facial recognition | software that scraped social media for images got some | bad press, and then just stayed calm and carried on. | | For all of those outraged by the media storm, it is free | advertising to those actually interested in the service. 
| All of the pearl clutchers feigning shock and outrage | over shady service mean nothing to the company providing | the service, as these were never going to be their | customers in the first place. | reaperducer wrote: | _suddenly Face /Off is no longer science fiction_ | | Didn't a woman in France already have a face transplant? | brezelgoring wrote: | I don't think it was the type of transplant Face/Off was | depicting, hers was very natural-looking but also visibly | not a normal face. | | I'd like to see Mission: Impossible type transplants, or | even masks like the ones they use, for that matter. | wongarsu wrote: | The CIA's former Chief of Disguise says they very much | exist and are used, with some limitations [1]. Her | comment on the 3d printer making the mask: "What if I | said we had it". | | Of course that's not really surprising when you look at | the kind of Halloween masks you can get if you are | willing to pay [2]. I imagine if you could special order | them to perfectly fit your head they would be very | convincing to the casual observer and to software. | | 1: https://youtu.be/mUqeBMP8nEg?t=673 | | 2: https://www.youtube.com/watch?v=Y32hdPV0L3k | jcims wrote: | Would make for a good Black Mirror episode. | aqme28 wrote: | From the linked article, it sounds like that already exists | in some form. | | > Using several close-range photos in order to capture every | angle, Krissler used a commercially available software called | VeriFinger to create an image of the minister's fingerprint. | emodendroket wrote: | Considering the extremely dubious evidence that makes its way | into courts, such as bite mark analysis, I doubt you'd get | that much traction arguing about these scenarios with | fingerprints. | passivate wrote: | I'm sure the military has better than average tech when it | comes to security, but I wonder if they're agile enough to | embrace the rapid technological change that is necessary to | stay on the bleeding edge. 
These days when I hear military + | security in the same sentence I think of aging warships | running windows 2000, using oddball niche technology supplied | by equally oddball government contractors/vendors. | jrootabega wrote: | And, in some cases, not considered protected by law, which | overlaps well with #2 and #3. | eden_hazard wrote: | How the heck did they get the fingerprint from that? Is there | actually tech to enhance blurry images like that? | endymi0n wrote: | iirc they had a waiter as a conspirator serving that guy at a | banquet | sm4rk0 wrote: | There were (at least) two such "stunts" in the past | involving German ministers: | | In 2008. "fingerprint of then interior minister and current | Finance Minister Wolfgang Schauble" was sourced from a | glass: | | https://freerepublic.com/focus/f-news/1995935/posts | | In 2014. "A speaker at the yearly conference of the Chaos | Computer Club has shown how fingerprints can be faked using | only a few photographs. To demonstrate, he copied the | thumbprint of the German defense minister" Ursula von der | Leyen | | https://m.dw.com/en/german-defense-minister-von-der- | leyens-f... | syntheticcorp wrote: | They used several close range photos, not the one in the | article. | cinntaile wrote: | It says several images were used. You can't generate a | correct fingerprint from that blurry fingerprint picture. The | data has to exist in order to reproduce it. | ozim wrote: | Pin/password can also be hacked and there is no need for fancy | 3D printer. | | Someone can use their smartphone to film other person as they | type stuff in, no need for printing fake print. They can steal | phone/laptop as soon as they are done filming. | | This is the case that fingerprint sensors are preventing. | | Pointing out problems is useless - as people don't have | alternative that would be "all-mighty secure without flaws".
| | It should be defense in depth not - and that is already there | for example banking apps - you need fingerprint to unlock the | phone and banking app requires its own specific PIN. Getting | those 2 things makes it much harder for bad guys to do | something like money transfer. Yeah they might get your photos | and other stuff - but probably there are secure store apps that | would encrypt your photos if you have ones that you really want | to protect. | rhn_mk1 wrote: | > This is the case that fingerprint sensors are preventing. | | They aren't. Your parent post already mentioned that they | were extracted by filming. | | Passwords don't have the other 2 problems, and I'm not really | sure what is gained by not talking about them. | ozim wrote: | For fingerprint it is "using several close-range photos in | order to capture every angle" - to get PIN, I need one | angle and probably not even close-range of video and even | weird angle if I have to sneak up onto someone in a metro | or in a coffee shop. | UncleEntity wrote: | well, TFA used _one_ photo... | ozim wrote: | How convenient for them that they: | | 1) did not write what are needed parameters of the photo | or quality of left fingerprint | | 2) it does not look like they used photo from an angle of | the screen as in article but some other closeup | | 3) somehow unlock stuff with thumb where most people use | index finger | | 4) then they use index finger to operate "thumb" print | | 5) who touches screen like that with thumb, who touches | back of the phone like that | | In the end with PIN I can look over someones shoulder and | not even have to make a video. | | I agree with the premise of what they say that people | might think fingerprint is "super secure" while it is | not... | | But it is secure enough for most of the people and more | secure than typing in PIN or short password or for people | using 0000 or 1234 as PIN.
| Normal_gaussian wrote: | The fancy 3D printer in this case is a regular toner printer | and some garden variety wood glue. | trie wrote: | > 1) Not revokable (unlike compromised credentials) | | Isn't that what _Cancelable Biometrics_ e.g. [0] is about [0] | https://ieeexplore.ieee.org/document/7192838 | sm4rk0 wrote: | The video from the conference, in German: | | https://media.ccc.de/v/31c3_-_6450_-_de_-_saal_1_-_201412272... | EGreg wrote: | That's why this is a dumb idea, merchants can just use the | replay attack: https://www.wsj.com/articles/in-china-paying- | with-your-face-.... | | The only place where you should be using your biometrics is to | unlock devices you carry with you, like the iPhone. | js4ever wrote: | Even for that it's not safe if anyone can bypass it with a $5 | trick. It's definitely a thumb idea | [deleted] | DennisP wrote: | > definitely a thumb idea | | Four hours have gone by without comment on this and I feel | the offense should be recognized. | imwillofficial wrote: | I thought it was intentional, won't lie, I laughed. | y4mi wrote: | You can unlock most home doors within seconds even without | having the key | | Nonetheless, we still lock our doors and thieves often | break in, even though picking the lock is both safer and | less likely to arouse suspicion. | | Your argument makes sense, but we humans aren't really | rational | Aengeuad wrote: | There's a good reason why criminals don't carry lockpicks | around and that's because they're regulated, in much of | the world mere possession of them outside of your | residence is a criminal offence and even in places where | you can carry them legally they not only show prior | intent, their use in criminal activities carries a charge | just like breaking and entering. I'd also argue that | being stuck picking a stubborn lock for 2-3 minutes is | significantly more suspicion arousing than the literal | seconds it takes to break a window but that's neither | here nor there. 
| | On the rationality of having locks when criminals can | very easily break a window, the old saying that locks | keep honest people out rings true. Locks do serve a | purpose even if they do very little to slow criminals | down. To bring the analogy full circle fingerprint | readers always seemed like windows to me in how easy they | are to bypass, luckily they're more of a luxury than a | necessity. :-) | lstodd wrote: | Lockpicks for the common locks can be made on site in | under 5 minutes and then after about half-minute the lock | is broken, and picks are discarded. | | That is why they aren't carried around any more. | | And that is not taking into account that most locks can | be defeated without lockpicks, a steel ruler will do. | | It's just sad when people that don't know a bit about the | trade boast about "regulations" and how they are | relevant. They are not. | fragmede wrote: | Breaking into my house doesn't get you my password for | all of my accounts though, no matter how much of an | invasion of my space it is. | dangerface wrote: | until you fall asleep with your phone on you. | bitxbitxbitcoin wrote: | I would argue that the devices you carry with you are exactly | the ones you shouldn't use biometrics for. | | Law enforcement can force you to use biometrics to unlock a | phone. They have used dead bodies to unlock phones.[0] What | they can't do is make you remember a code/password which you | have "forgotten." | | [0] https://www.forbes.com/sites/thomasbrewster/2018/03/22/ye | s-c... | FridayoLeary wrote: | The vast majority people will never encounter a | circumstance where that will be an issue. To withhold a (n | optional) feature from the masses based on the hypothetical | actions of an agency who can abuse your fingerprints but | will stop short of torture doesn't really make sense. | reaperducer wrote: | HN, and the tech bubble at large, is all about "edge- | cases." 
Too many Debbie Downers getting off on playing | "what if" scenarios, while ignoring reality. | eatbitseveryday wrote: | > Unfortunately for the FBI, Artan's lifeless fingerprint | didn't unlock the device (an iPhone 5 model, though Moledor | couldn't recall which. Touch ID was introduced in the | iPhone 5S). In the hours between his death and the attempt | to unlock, when the feds had to go through legal processes | regarding access to the smartphone, the iPhone had gone to | sleep and when reopened required a passcode, Moledor said. | | From your https://www.forbes.com/sites/thomasbrewster/2018/ | 03/22/yes-c... | fragmede wrote: | Except the FBI probably won't make that mistake again. | They'll wake up a judge and expedite the process, citing | this exact case as to why they need to be granted the | subpoena. from there it's not that hard to make a jig | that constantly does some sort of action so the phone | never goes to sleep. | criddell wrote: | > What they can't do is make you remember a code/password | which you have "forgotten." | | They might be able to with an FMRI machine. | twobitshifter wrote: | In the US at least FMRI should fall under fifth | amendment, right? Otherwise the fifth amendment would be | useless. A right to remain silent wouldn't exist if you | can't silence your brain. If one day there are stargate | replicators that can reach into your mind, would that be | legal? | criddell wrote: | In court, absolutely. | | There are still plenty of places where polygraph | examinations are used legally. | smeyer wrote: | Maybe at some point in the future, but we definitely | aren't at the stage of being able to parse out a specific | password from an FMRI reading right now. | criddell wrote: | No, but combined with torture it might be effective | enough. | russh wrote: | They can just '538 it. 
https://xkcd.com/538/ | GTP wrote: | No, I think that adding torture to the mix will make the | FMRI results even less readable | criddell wrote: | What I was thinking was using FMRI to find out if they | actually do remember the password (FMRI lie detection | really only works with yes/no questions, AFAIK). If they | don't know, then torture is a waste of time. If they do | know, then you know torture _may_ be fruitful. | rawsta wrote: | FMRI uses indicators like pulse, heart rate, etc. to make | a more or less estimate on the truthfulness. Torture can | make these indicators useless. Torture is a very flawed | method to extract information. You can't be sure that | the victim isn't telling lies or admits to crimes just to | make the torture stop. | dylan604 wrote: | For some, being placed in the MRI would be torture. Hope | you don't have a plate in your head or other bodily | location. Would torturers be so concerned with this, or | is that just part of the threat. | | TLA person: Give us the code or we put you the MRI | machine!! | | Victim: Can't you just use a $5 wrench instead? | kwhitefoot wrote: | > What they can't do is make you remember a code/password | which you have "forgotten." | | But they can lock you up for not supplying it. | trident5000 wrote: | 24 hour fitness wanted my fingerprints to check into their gym. I | had to explain to multiple employees why that was never going to | happen. | afrcnc wrote: | Known since 2007: | https://twitter.com/Makdaam/status/1462800634197987329 | Sohcahtoa82 wrote: | Is anyone surprised by this? | | I've been telling my friends for a couple years now that | unlocking via fingerprint is a _convenience_ feature, not a | security feature. | [deleted] | legrande wrote: | Anyone else see this technique a few times in heist movies? I | always knew it could be done, but having a blogpost detailing how | to do this is pretty cool. | elias94 wrote: | Have you ever seen the Charlie's Angels movies?
They were taking | the fingerprints using a beer bottle. | | Same method but 21 years ago. | voidmain wrote: | Biometrics are not secrets (it must be assumed that attackers | always possess all biometric data), but they can nevertheless be | a good form of authentication _when combined with situational | awareness_. If you try to use one of these hot glued fingerprints | in front of a security guard, it isn't going to go well for you. | | At the moment, humans are still necessary for situational | awareness, but probably machines can get there pretty soon. A | phone, for example, that monitors its surroundings continuously | and has enough intelligence to reliably distinguish normal access | by its owner from duress or the presentation of fake biometrics | seems like it's within reach of current technology (though it | doesn't actually exist). | capitainenemo wrote: | You think the typical security guard would notice a print if it | was glued on the finger? At workplaces I've worked at in the | past they weren't watching the flow of traffic through the gate | all that carefully... | joenathanone wrote: | Additionally a little social engineering would get right past | an attentive guard, just strike up a little small talk to | distract their attention. | acdha wrote: | I think this depends on how well they do liveness tests: it's | expensive to have guards checking everyone's hands (but | certainly not prohibitively so if you have that level of | threat) but it'd be a lot cheaper if your sensors are fairly | good at raising an alarm to attract scrutiny. | jbaczuk wrote: | I bet you could make one that looks like part of your skin | pretty easily. | theandrewbailey wrote: | Don't forget to change your fingerprints, face, and mother's | maiden name regularly. | rStar wrote: | apple: use your fingerprint ... gov: fingerprints are fungible | ... apple: use your eyeball then! | sparkling wrote: | This should not be news to anyone.
Chaos Computer Club | demonstrated almost the same technique in this 2006 video | https://www.youtube.com/watch?v=OPtzRQNHzl0 | say_it_as_it_is wrote: | MacGyver did it in the 80s | rvz wrote: | Yeah, this isn't new. It's just cheaper. | hannob wrote: | Exactly, just wanted to link this as well. | | There's of course nothing wrong with pointing out already known | security flaws, but it's good practice to mention when this is | a well known thing and reference prior work - which the post by | kraken does not do. | zeven7 wrote: | Is modern facial recognition any better or is it also considered | bad to use for anything sensitive? | rei_ayanami wrote: | That would also be username like one other user mentioned. Not | passwords. | zeven7 wrote: | I know that's something people say, but that doesn't actually | give me the information I need to be informed about _how_ | secure or insecure it is and how hard it is to bypass. | m3kw9 wrote: | Biometrics is almost like security thru obscurity. | fortuna86 wrote: | I'd say it's a slight step up. | dxf wrote: | The huge advantage of biometrics (fingerprints, FaceID, etc.) is | the ease with which a user can unlock their phone. A passcode may | be better than a fingerprint, but a fingerprint+longer passcode | is better than a shorter passcode (or no passcode at all). | | Having a 12 character alphanumeric passphrase you enter each time | you want to unlock is not something most users want to do. | | See e.g.: | https://www.businesstoday.in/technology/news/story/what-kick... | | _Only about 49 per cent of the users were setting a passcode, | which meant that the remaining 51 per cent were not benefiting | from the data protection mechanism. When Apple dug in to | understand the reason, the findings revealed that users unlock | their devices a lot - on an average about 80 times a day. And | about half of its users simply didn't want the inconvenience of | having to enter their passcode into their device, at times.
At | that time, in 2012-2013, the default passcode length for iPhone | was four digits, which happens to be six today. | | Apple realised that it needed to come up with a mechanism that's | fast and secure, and doesn't involve typing in the passcode. | That's when Apple introduced Touch ID, which was easy, fast and | secure. The way that biometric authentication worked on Apple | platforms was that the user must set a passcode to be able to use | the biometrics. And just as Apple thought, there was a much | higher adoption of biometric-based TouchID. Apple says over 92 | per cent chose to use Touch ID and had therefore set the | passcode, which in turn meant users were able to use Apple's data | protection encryption system._ | mdp2021 wrote: | > _The huge advantage of biometrics ... is the ease with which | a user can unlock their phone_ | | This does not prevent involuntary unlocking - it actually can | allow for eased against-will unlocking. | | <<Ease>> and security may sometimes not be friends. | breser wrote: | At least on iPhones though they have a way to activate a mode | that prevents the use of TouchID and FaceID. If I press the | power button on my phone 5 times in a row that turns that | off. | | Yes I still run the risk of my device being unlocked against | my will if I'm caught by surprise. But I'm able to disable | this functionality in places where I think the risk of that | may be higher, e.g. while traveling. | | I'll still take the trade off of longer password (not just a | few numbers) on my phone while using a biometric test for | normal access. | | Of course not everyone may have the same threats to consider | and others may make different choices. Doesn't make either of | our choices wrong. | kurthr wrote: | On modern FaceID phones you need to hold the power and down | volume key to bring up the Reset/PowerOff and cancel. Just | clicking multiple times will bring up wallet, siri, or do | nothing. 
| jeroenhd wrote: | Biometrics are great for authentication but terrible for | authorization. Anything sensitive should require both. There's | nothing wrong with a fingerprint and a password or a fingerprint | and an RFID card as an authorization/authentication pair; you | just have to keep these things in mind. | | I've fallen to the laziness of using fingerprints on my devices | as well, but they still require a password to decrypt the | contents of the storage device on boot. For many, if not most, | threat models, this is perfectly fine. | | I lock my phone to prevent people with messing with my contacts | and scrolling through my messages. It's an inconvenience to | bypass that requires preparation. A motivated attacker would just | as easily spy over my shoulder if I were to use a password, | either on my phone or on my laptop. | | I look at these mechanisms like the lock on a teenager's bedroom | door. Those things aren't impenetrable and anyone with just a | little lockpicking experience or access to some automated tools | can open them in a minute. Unlike the locks on our front doors, | built to keep intruders that don't want to risk physical damage | to our windows out, they're a message: please don't violate my | privacy. Violating that privacy is made moderately difficult by | the mechanism itself, but it's hardly impossible. | | Unless you carry a password-protected authentication and key | management token with you at all times, you're at risk of having | your system broken into. Most of us don't need to worry about | those kinds of things. | legulere wrote: | "Authentication is the act of proving an assertion, such as the | identity of a computer system user. In contrast with | identification, the act of indicating a person or thing's | identity, authentication is the process of verifying that | identity." (https://en.wikipedia.org/wiki/Authentication) | | So it's not useful for authentication but could be used for | identification. 
| krisrm wrote: | This doesn't make sense to me. In what use-cases do we use our | personal computers authenticated but also unauthorized? | hartator wrote: | > Biometrics are great for authentication but terrible for | authorization | | What does that mean? Unlocking your MacBook gives access to | your RSA keys and all is lost. | blakesley wrote: | As the other commenter pointed out, he probably meant "great | for identification but terrible for authentication". | mfollert wrote: | How do you protect your private keys? I already have an | yubikey but it still feels not great. | webel0 wrote: | [edit for clarity] | | As someone who doesn't specialize in security, one claim that has | stood out to me for not using fingerprints is that you can't run | bcrypt (or some other salting algorithm) on fingerprints [1]. | | I don't see any discussion of that here thus far. Is that still | the case? I feel like I would have heard about developments in | this area if something had changed. But perhaps I've always | misunderstood the criticism? | | [1] https://www.rsaweb.co.za/fingerprint-security- | fingerprints-a... | cool_scatter wrote: | Fingerprints are stored as data, and data is hashable. As | someone who doesn't know the ins and outs of fingerprint | readers, that sounds ludicrous. I also don't see why it would | need to be hashed, however. | webel0 wrote: | Thanks for your comment. I have updated my comment to try to | be more precise. | tantalor wrote: | Says who? | webel0 wrote: | Thanks for your comment. I have updated mine to include a | reference. In short, I'm thinking about how fingerprints are | stored. | louissan wrote: | James, is that you? | | https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2F... | emodendroket wrote: | Yes. But at a certain point one has to consider how much security | is "enough." 
Someone could break into my house, even when locked, | by kicking in the door or breaking a window, but I don't | necessarily need to turn it into Fort Knox in response. If you | are a high-value target, it is worth thinking about this, but for | the average person, I think it might be a reasonable trade-off. | gannon- wrote: | Could a similar concept apply to face-id passwords? What's | stopping face-ID spoofing? | immmmmm wrote: | in biometrics this is called a Presentation Attack (PA), here the | fake fingerprint is the analog of presenting a photograph, video | or 3dp mask to a face recognition system. this is usually | mitigated by the use of Presentation Attack Detection (PAD) | systems, either hardware, software or hybrid. in this particular | case it can easily be mitigated by some hardware that measures | the amount of water in the biometric sample, for instance | capacitive sensor, transparent conductive electrodes or maybe | even better some optical sensor that is sensitive to SWIR | wavelengths reflectivity differences (1000 and 1200 nm would be | great here). a short scholar search will indeed reveal that this | is a very active area of research, and probably will reveal tens | of papers from our group which is a leader in this. | kspacewalk2 wrote: | For devices like phones and laptops, this sounds too | complicated. Why not instead just use passwords, patterns, etc? | I doubt anyone who's genuinely sensitive about their device | being secure uses biometrics to unlock it anyway, so this seems | to be just a convenience feature for the casual user with | minimal security concerns. As such, making it more complicated | doesn't seem worth it. | | And if we're talking about authenticating people in truly | secure environments, my gut tells me that adding a couple more | factors to even a simple fingerprint reader ought to be more | secure and robust than making a super-complicated fingerprint | reader and leaving it as the only factor.
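Added example, not part of the thread and not code from any product discussed in it: the question above about running bcrypt or another salted hash on fingerprints comes down to scan-to-scan noise, sketched here in Python. The 256-bit templates, finger labels, noise levels and thresholds are constructed assumptions, and PBKDF2 stands in for bcrypt because bcrypt is not in the standard library.

```python
import hashlib
import hmac
import os

TEMPLATE_BITS = 256  # assumption: a fixed-length binary feature vector per finger


def template_for(finger: str) -> int:
    """Constructed stand-in for a feature extractor: 256 pseudo-random bits per finger."""
    return int.from_bytes(hashlib.sha256(finger.encode()).digest(), "big")


def rescan(template: int, noisy_bits: int) -> int:
    """Simulate another scan of the same finger: `noisy_bits` features read differently."""
    for i in range(noisy_bits):
        # Evenly spaced, distinct positions, so exactly `noisy_bits` bits change.
        template ^= 1 << (i * TEMPLATE_BITS // noisy_bits)
    return template


def hamming(a: int, b: int) -> int:
    """Number of feature bits on which two templates disagree."""
    return bin(a ^ b).count("1")


def salted_hash(template: int, salt: bytes) -> bytes:
    """Password-style storage. PBKDF2 is used here in place of bcrypt."""
    raw = template.to_bytes(TEMPLATE_BITS // 8, "big")
    return hashlib.pbkdf2_hmac("sha256", raw, salt, 10_000)


def hash_match(stored: bytes, salt: bytes, probe: int) -> bool:
    """Password-style check: only a bit-for-bit identical template passes."""
    return hmac.compare_digest(stored, salted_hash(probe, salt))


def fuzzy_match(enrolled: int, probe: int, threshold: int) -> bool:
    """Biometric-style check: accept any probe within `threshold` differing bits."""
    return hamming(enrolled, probe) <= threshold


def error_rates(enrolled, genuine, impostors, threshold):
    """Return (FAR, FRR): share of impostors accepted, share of genuine scans rejected."""
    far = sum(fuzzy_match(enrolled, p, threshold) for p in impostors) / len(impostors)
    frr = sum(not fuzzy_match(enrolled, p, threshold) for p in genuine) / len(genuine)
    return far, frr


# Constructed sample data: one enrolled finger, four later scans of it with
# increasing noise, three unrelated fingers, and one look-alike template that
# sits 40 bits from the enrolled one so the two groups overlap.
ENROLLED = template_for("alice-right-index")
GENUINE = [rescan(ENROLLED, n) for n in (5, 12, 30, 45)]
IMPOSTORS = [template_for(f) for f in
             ("bob-left-thumb", "carol-right-index", "dave-right-middle")]
IMPOSTORS.append(rescan(ENROLLED, 40))

if __name__ == "__main__":
    salt = os.urandom(16)
    stored = salted_hash(ENROLLED, salt)
    print("same finger, 5 noisy bits, hash check :", hash_match(stored, salt, GENUINE[0]))
    print("same finger, 5 noisy bits, fuzzy check:", fuzzy_match(ENROLLED, GENUINE[0], 20))
    for t in (20, 42, 50):
        far, frr = error_rates(ENROLLED, GENUINE, IMPOSTORS, t)
        print(f"threshold={t:3d}  FAR={far:.2f}  FRR={frr:.2f}")
```

With this kind of threshold matcher the enrolled template has to be available in comparable form at verification time, so a one-way salted hash cannot take its place, and any threshold loose enough to accept every genuine scan here also accepts the look-alike.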
| newsbinator wrote: | Would this be foiled by a latex glove printed with that | fingerprint and worn to scan in? | immmmmm wrote: | the capacitive one yes probably, the two other i doubt it. | sure you can always use a conductive coating as well as a | material that mimics optical properties of skin. the question | is not IF a system will be spoofed, the question is WHEN. | [deleted] | twobitshifter wrote: | It's relatively easy to produce "phantom" that mimics | tissue/skin from household ingredients. This is used in medical | labs. | | https://deepblue.lib.umich.edu/bitstream/handle/2027.42/3819... | the_arun wrote: | Using same idea, couldn't AI generate FaceId from videos? | lordnacho wrote: | Sounds likely. When you train FaceID you are filmed. What's to | stop someone from using film of you giving a speech? | | At best the biometric locks are like locks on your house. Stops | most people but not someone really determined. | cool_scatter wrote: | It uses an IR camera as a proximity sensor. A video isn't | good enough. You would need AI to construct an accurate 3D | model of the face based on it. | lordnacho wrote: | Yes that's what I meant, someone could construct the | necessary biometrics from a video and some ML. | acdha wrote: | FaceID is more complicated: it uses an infrared camera and | projects an array of dots on your face so the problem wouldn't | just be generating a realistic video of a face but more along | the lines of constructing a mask which would have similar 3D | structure including how it reflects infrared light. | SEJeff wrote: | Fingerprints are usernames, not passwords. Here is an excellent | (and timeless) post on this fact: | | https://blog.dustinkirkland.com/2013/10/fingerprints-are-use... | darkwater wrote: | I always thought that since the beginning, but unfortunately | the world went into another direction.
People always said | "something you have and something you know", but now for most | cases it's just "something you have - your body". Obviously if | in the future remote mind-readers are invented, the "something | you know" part will also get obsolete, but for now we should | stick to it. | braincoke wrote: | I believe it's - Something you have (key, device,...) - | Something you know - Something you are (biometry) | | In Europe there is a regulation (PSD2) that defines a strong | authentication as 2 of the 3 listed above. | amalcon wrote: | I've always disliked this breakdown. My body is something I | have -- it's just potentially (not always practically -- | see the article) more difficult to clone or otherwise use | without my consent than a key fob or something. | | Edit: To be clear, I don't think this is an argument _for_ | biometrics, but rather an argument against them. They | can't complement something I have in a two factor scheme, | because my biometrics _are_ something I have. | jagged-chisel wrote: | But it's the parts that are easily forgeable | (fingerprints, retinas, etc) that are being relied upon. | By "forgeable" I mean "things that someone else can also | have by creating copies." | | I don't think we have yet good metrics on how to detect | specific individuals using a full-body scan. Not to | mention the invasiveness of creating your personal | initial dataset. Most folks won't stand for it. So right | back to parts that are forgeable... | folkrav wrote: | I'd tend to describe one's body as a state more than a | possession. You are your body, it's not something you can | get rid of. | avianlyric wrote: | Your body isn't very easy to replace. Passwords and | devices are. | SEJeff wrote: | This is precisely why he is a poor "password" / secret | replacement. | | Whelp, your fingerprints have been cloned. Time to go get | them burned off and get some new ones. Yeah, that's not | gonna work.
| blagie wrote: | There are two threat models: | | - Virtual | | - Physical | | In the virtual threat model, difficulty needs to be insane, | since any of 7 billion people can launch automated attacks on | my server. | | In the physical threat model, difficulty can be moderate, since | the only people who can attack are ones physically here. My | front door has a pickable lock, and my windows are breakable. | My key threat is my crazy stalker ex. | | Fingerprints are usually in the latter category, and provide | pretty good security. | GoblinSlayer wrote: | Secrecy is only an approximation of difficulty. Given the | difficulty, I would estimate it as a two character password. It | should be fine for people who have nothing to hide. | RHSeeger wrote: | > It should be fine for people who have nothing to hide. | | There are no people that have nothing to hide. There are only | people that don't know what they should be hiding. | madeofpalk wrote: | Just a clumsy way of saying "not within my threat matrix" | the_snooze wrote: | >It should be fine for people who have nothing to hide. | | If I'm a company, would I want my employees to give up | proprietary data they hold just because they personally "have | nothing to hide?" Anyone who thinks that's acceptable is | someone who isn't worthy of trust. | mankyd wrote: | > Given the difficulty, I would estimate it as a two | character password. | | Sorry, but that is _way_ off. | | I can run through 2 character passwords by hand in a few | hours at most, likely faster. (Assuming a qwerty keyboard, 62 | alphanumeric, plus roughly 33 other characters makes for 9025 | possible passwords.) | | To reproduce a fingerprint requires access, money, time, and | expertise. It's not _hard_ but it is not trivial either. You | need access to a good fingerprint. You need the money to buy | the supplies (a laser printer, some acetate, and some wood | glue). 
You need time to both capture the fingerprint, refine | it in the photo editor of your choice, and then actually turn | it into something that scans. And you need to know that this | is all actually doable. And then that all assumes that it | actually works; I can assure you this is not a 100% success | rate. | | Put another way, if you told me you _personally_ had a two | character password on a specific account, I could likely log | into it _today_. Conversely, if you told me it also required | a fingerprint to log into, I'd be out of luck. I'd have to | learn who you are, where you lived, and then concoct a way to | capture a clean print. | | As others have pointed out, biometrics != password. It's an | apples to oranges comparison. | IshKebab wrote: | Fingerprints are _not_ usernames. I wish that idea would die | but people just love putting things in existing categories so | much they keep thinking "fingerprints aren't the same as | passwords... so they must be the same as usernames!". | mdp2021 wrote: | It seems you are stating that fingerprints do not identify an | account holder. You should justify the statement. | IshKebab wrote: | No, I'm stating that fingerprints do not have the same | security and privacy properties as usernames. Therefore | they are not equivalent to usernames. | | * Usernames can be changed. Fingerprints can't. | | * Usernames can be denied. Fingerprints can't. | | * Usernames are zero effort to copy. Fingerprints require | some skill and effort (if you have a decent fingerprint | reader). | | * People are happy to share usernames online. Fingerprints | are considered much more private. | mdp2021 wrote: | Or, model-wise, "account holders are not accounts", | "users are not usernames", "individuals are not their | operating identities". | | Biometrics should be considered as part of the indication | of an entity before its own accounts.
| quitit wrote: | Getting an ID card checked by security at the door of a secure | establishment allows the people inside that building to know | that the holder truly is who they say they are. Inside that | space the person has access to confidential information and | they do not need security to constantly verify their | credentials. ..and yet ID cards can be copied and faked - so | why do we do this? | | This model is how a fingerprint can be used as a shortcut to | deliver certain privileges. The user must first pass security | by entering their password, and then later numerous safety | triggers are in place to require that password again. Meaning | that once a person is validated a stand-in can be suitable | rather than fully evaluating each and every time. | | Back to fingerprints: copying a fingerprint has numerous | barriers that these exploits frequently ignore. First it needs | to be the correct finger, it must be clear and complete enough | to copy and finally it must be used at a time when the device | will accept it. While such barriers may be insufficient for a | secure environment, this approach provides more security than, | for example, a person repeatedly entering a pincode into their | phone through the day - something that is both easily observed | and remembered (and worse too if it's a gestural passcode.) | | To relegate fingerprints as only this or that throws the baby | out with the bathwater - appropriate rules and context can make | it a useful security improvement over the status quo. That | doesn't mean it's perfect or that it has to be. | xoa wrote: | > _Fingerprints are usernames, not passwords. Here is an | excellent (and timeless) post on this fact_ | | No, that is complete absolute shit post that isn't even self | coherent. 
Like, it literally whines about needing something | that can be "independently chosen, changed, and rotated", which | obviously describes usernames so obviously biometrics can't | possibly be usernames by that very post! Why is this dumb meme | so fucking persistent? Fingerprints are one of many | _biometrics_. They aren't usernames, which aren't an | authentication factor at all. They aren't passwords. They | aren't tokens. They are their own thing. They have their own | pluses and minuses as part of a comprehensive response to a | given threat scenario. That's it. Trying to shoehorn them into | something else is the same as trying to shoehorn everything | into a car analogy. | | All security exists solely in the context of an equation of | threat scenario (the word "threat" doesn't even appear in that | post), defender vs attacker resources and the value of what is | being defended. Real security must work for actual real humans | too. For example, rotating passwords every day/week/month is | "secure" except that it's also a huge PITA or even outright | impossible for many humans and defending against what should be | a non-existent threat scenario anyway. So the obvious and | inevitable result is that everyone starts to use crappy | passwords, write them all down on sticky notes and text files | and such everywhere, or both. That is not the fault of the | users, it's the fault of a _shitty system_. | | Another word that doesn't appear in that post? "Camera". | Biometrics is an enormously rich potential field, fingerprints | are about the worst lowest hanging fruit and in no way | represent everything particularly as we use more and more | wearables (there are bits of entropy to be found in your body's | cardiac cycle for example).
But even for fingerprints, which is | _really_ lower resource for attackers: getting and reproducing a | fingerprint, or having AI go through every single networked | look-down camera for the obvious pattern of a human | pulling out a slab of screen and then entering a PIN or | passcode into it then recording that? Are people expected to | never ever unlock a device anywhere but a physically secure | area? Because see above, that is not realistic for real humans | and thus a worthless security response. | | As is usually the case, the best answer is hybrid, with | multiple levels of factor usage to try to combine the strengths | of each. And indeed that is the way things are going. | | _Edit to add_ : And if I sound irritated about this I am. This | is the same kind of user hostile shallow anti-security thinking | that brought us things like "security" questions, password | rotation policies, lengthy and baroque "must contain 2 caps 1 | number 3 special characters but not those special characters | and cannot START with a number" password policies, etc. All of | which add aggravation and failure points to no good end. Bad | security practices affect our entire industry to the detriment | of us all, but "bad security" isn't just a technical thing it's | a human UX thing. | [deleted] | mrtranscendence wrote: | > lengthy [...] password policies | | Bizarrely, my organization limits passwords to a length of 12 | characters or shorter. I agree with you, I don't want a | password the size of a paragraph, but c'mon... 12 characters? | xoa wrote: | I think you misread me, or I didn't communicate clearly. By | "lengthy" I was referring to the _policy_ , not password | length. Indeed max password length itself is another common | bit of foolishness, for sanity reasons arguably it | shouldn't be infinite but ~150 characters should be fine so | that if people want to have a long diceware passphrase | that's fine.
To the extent passwords are used at all it | should be exclusively as input to a KDF or adaptive-hash | anyway so storage-side it should all be normalized | regardless of input length. | mrtranscendence wrote: | Ah, gotcha, sorry. "Lengthy (password policies)", not | "(lengthy password) policies". I wouldn't call the | policies themselves particularly lengthy, though we do | have multiple systems with different policies for which | we're supposed to use the same password, so there's that | -- it's possible to set a password in one place that | can't be set in the other. (Would something bad happen if | they weren't in sync? I can't see how, other than it | wouldn't be clear half the time which password to use.) | xoa wrote: | Sorry for not being clearer. Really though, the only | "password policy" should be "no password | reuse/dictionary" (check it against haveibeenpwned.com or | the like, there is a nice API), and some minimum decent | length. Preferably with a decent user friendly generator | option for default suggestions too, and password manager | friendly. It's probably not the weakest link at that | point. "Multiple systems with different policies for | which we're supposed to use the same password" seems like | it should just be SSO? | | But I recognize in reality when using archaic systems at | businesses with no budget sometimes hacks are just the | best that can be done, and that's how it is. I mean, | obviously best of all is no shared password, use proper | key via hardware token instead and the password/PIN or | (gasp :)) biometrics is purely something the user uses to | activate the token. Unfortunately it'll probably be | awhile until we get there. But the general use of baroque | password policies, particular when interfacing with the | general public, is still an anti-feature for security | which has finally started to fade away. | scott00 wrote: | The method in the article required an hour of photoshop work. 
| Anybody know how much expertise is required for that step? | delineator wrote: | > you leave your fingerprint on taxi doors, iPhone screens, and | glasses of wine at your local restaurant. | | DNA is similar - you leave hairs in taxis, public toilets, etc. | ruph123 wrote: | The uniqueness of fingerprints is also questionable. | | e.g.: https://mathblog.com/are-fingerprints-unique/ | lordnacho wrote: | One thing that's never been explained to me is how large the | space is. Does everyone have one big swirl on their thumb that | goes clockwise or counter-clockwise? Could you have two swirls? | What is the space of potential fingerprints? | JohnFen wrote: | Fingerprint scanners compile a small set of identifying | features (typically where ridges end or split). They don't | characterize the entire fingerprint. The higher quality the | scanning system, the more identifying features they use -- so | the size of the search space is both smaller than most people | think, and varies depending on the quality of the system. | albert_e wrote: | How about .... Fingerprint sensors + inbuilt IR sensors that | verify that there is a "live" finger with blood and pulse behind | that print. | | Would that help make FP authentication more robust? | Spivak wrote: | Yes, if you're interested in this kind of stuff you basically | have to work for the military because they're the only ones | with the funding and motivation for this kind of stuff. | draugadrotten wrote: | Check out the LivDet - Liveness Detection Competitions - | https://livdet.org/index.php | cmaggiulli wrote: | Fingerprints are usernames, not passwords | whirlwin wrote: | So there is a difference here. On local hardware this is not that | crucial. But on (portable) software relying on the fingerprint is | more severe. ___________________________________________________________________ (page generated 2021-11-22 23:00 UTC)
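The password policy xoa describes in the thread above (a decent minimum length, a cap around 150 characters, a breached-password lookup, and a KDF so stored size does not depend on input length), as an added example that is not from the article or any commenter. The 12-character minimum, the breach list and the lookup stub are constructed; the stub mimics the Pwned Passwords range endpoint, and PBKDF2 stands in for whichever KDF is deployed.

```python
import hashlib
import hmac
import os

MIN_LEN = 12    # assumed value for "some minimum decent length"
MAX_LEN = 150   # the ~150 character cap suggested in the thread

# Constructed stand-in for a breach corpus: password -> times seen.
CONSTRUCTED_BREACHES = {"password123456": 48211, "correcthorsebatterystaple": 214}


def fake_range_lookup(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    Returns 'SUFFIX:COUNT' lines for every known SHA-1 starting with prefix."""
    lines = []
    for pw, count in CONSTRUCTED_BREACHES.items():
        digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password, range_lookup=fake_range_lookup):
    """k-anonymity check: only the first 5 hex chars of the SHA-1 leave the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        found, _, count = line.partition(":")
        if found.strip().upper() == suffix:
            return int(count)
    return 0


def check_policy(password, range_lookup=fake_range_lookup):
    """Return the list of violations; an empty list means the password is accepted.
    There are deliberately no character-class rules."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too short")
    if len(password) > MAX_LEN:
        problems.append("too long")
    if breach_count(password, range_lookup) > 0:
        problems.append("found in breach corpus")
    return problems


def store(password, salt=None):
    """Derive a fixed-size verifier, so storage is the same for any input length."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def verify(password, salt, expected):
    """Constant-time comparison of the re-derived verifier."""
    return hmac.compare_digest(store(password, salt)[1], expected)


if __name__ == "__main__":
    for candidate in ["short", "password123456", "lamp-orbit-fennel-quartz-mural"]:
        print(repr(candidate), check_policy(candidate) or "accepted")
```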