[LINK] ArsTechnica: 'Crawl the Web with your fingers'
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Oct 11 09:09:17 AEST 2006
At 8:55 +1000 11/10/06, Pilcher, Fred wrote:
>Roger wrote:
>> http://arstechnica.com/news.ars/post/20061009-7941.html
>> Crawl the Web with your fingers
>> 10/9/2006 4:15:37 PM, by Nate Anderson
>
>Am I correct in recalling that a couple of years ago a Japanese
>researcher managed to cook up some gunk in his kitchen (for less
>than $10 IIRC) that managed to fool every fingerprint scanner that
>was thrown at it? Have they improved since then?

That's correct, but it's not the vulnerability I'm on about.

The gummi attack requires access to either the thumb, or a
good-enough image generated from the thumb.

There are other forms of attack that can be based simply on the
'template' that's generated from the print. And that means that the
fraudster need never go anywhere near the individual, or even know
much about them.

In this case (judging by the description on the company's site), the
template is a list of the features of the thumbprint, and their
locations. (This is a conventional approach to extracting a template
from thumb- and fingerprints).

It's been demonstrated that such templates can be easily used to
perform masquerade, without access to the thumb or an image of it.

--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW