26 November 2007

biometric ID: essentially leaving your PIN on a post-it note

Ben Goldacre in a letter to the Guardian makes a telling set of points about ID Cards in the wake of the recent government data-unprotection scandal.
Tsutomu Matsumoto is a Japanese mathematician, a cryptographer who works on security, and he decided to see if he could fool the machines which identify you by your fingerprint. This home science project costs about £20. Take a finger and make a cast with the moulding plastic sold in hobby shops. Then pour some liquid gelatin (ordinary food gelatin) into that mould and let it harden. Stick this over your finger pad: it fools fingerprint detectors about 80% of the time. The joy is, once you've fooled the machine, your fake fingerprint is made of the same stuff as fruit pastilles, so you can simply eat the evidence.

But what if you can't get the finger? Well, you can chop one off, of course - another risk with biometrics. But there is an easier way. Find a fingerprint on glass. Sorry, I should have pointed out that every time you touch something, if your security systems rely on biometric ID, then you're essentially leaving your PIN number on a post-it note.

You can make a fingerprint image on glass more visible by painting over it with some cyanoacrylate adhesive. That's a posh word for superglue. Photograph that with a digital camera. Improve the contrast in a picture editing program, and print the image on to a transparency sheet, then use that to etch the fingerprint on to a copper-plated printed circuit board (it sounds difficult, but you can buy a beginner's etching set at Maplin for £10.67). This gives an image with some three-dimensional relief. You can now make your gelatin fingerpad using this as a mould.


And (new information to me, but not surprising):
In the new biometric passport with its wireless chip, remember, all your data can be read and decrypted with a device near you, but not touching you. What good would the data be, if someone lifted it? Not much, insisted Jim Knight, the minister for schools and learners, in July: "It is not possible to recreate a fingerprint using the numbers that are stored. The algorithm generates a unique number, producing no information of any use to identity thieves." Crystal clear, Jim. Unfortunately, a team of mathematicians published a paper in April this year, showing that they could reconstruct a fingerprint from this data alone. In fact, they printed out the images they made, and then - crucially, completing the circle - used them to fool fingerprint readers.


And let's not forget that the terms of the legislation mean that, in effect, you and I will be guilty until proved innocent of any crime related to the theft of our identity in this kind of way.

And, if I'm not mistaken, much of this applies to the USA, whose strictures regarding visas etc. are ostensibly the drivers for some, at least, of this.

Really: be afraid, be very afraid. I am.
