[LINK] ArsTechnica: 'Crawl the Web with your fingers'

Adam Todd link at todd.inoz.com
Wed Oct 11 10:47:58 AEST 2006

At 09:09 AM 11/10/2006, Roger Clarke wrote:
>At 8:55 +1000 11/10/06, Pilcher, Fred wrote:
>>Roger wrote:
>>>  http://arstechnica.com/news.ars/post/20061009-7941.html
>>>  Crawl the Web with your fingers
>>>  10/9/2006 4:15:37 PM, by Nate Anderson
>>The gummi attack requires access to either the thumb, or a good-enough 
>>image generated from the thumb.
>There are other forms of attack that can be based simply on the 'template' 
>that's generated from the print.  And that means that the fraudster need 
>never go anywhere near the individual, or even know much about them.
>In this case (judging by the description on the company's site), the 
>template is a list of the features of the thumbprint, and their 
>locations.  (This is a conventional approach to extracting a template from 
>thumb- and fingerprints).
>It's been demonstrated that such templates can be easily used to perform 
>masquerade, without access to the thumb or an image of it.

Hollywood does it every day!

Makes impressions using laser controlled cutters resulting in moulded latex 
dummies that look so life like you have to look three times before you 
realise you aren't talking to the person, but a dummy.

Like with all things of this nature, once you have knowledge of the 
protocols (in this case the location points the scanner uses) then you can 
create a counterfeit key, in this case a finger print.

It might not even look like a finger print, it might just be a few lumps 
and a few dips, but if that's all the location points, just like a key for 
an ordinary lock needs, then it's going to unlock.

You can make a master key for a traditional barrel lock, it's plausible to 
make a master key for a finger print.

- Did you see the story about the morphing of 1400 Sydney faces to make the 
"face of Sydney" currently being projected on the side of a building in the 

I wonder if that "morphed" face might result in facial recognition matching 
across 1400 faces, after all if you put 1400 individuals in, you must match 
1400 individuals from the resulting morph out - right?

So if we take 1400 finger prints, and create one "mater" print, will it 
actually match, but default, all of the original finger prints?

I can't say any more on this, I'm getting close to "in trouble."

More information about the Link mailing list