Thursday, November 15, 2007

Fingerprint readers

"GUMMI BEARS TRICK A FINGERPRINT SCANNER"
By: Brandt, Andrew, PC World, 07378939, Aug2004, Vol. 22, Issue 8

(link not available)

In a revamped version of the age-old technology of fingerprinting, computer companies are using fingerprint scans as a form of security. No need to remember long, complicated alphanumeric passwords. Just press your finger against the little scanner that attaches to your laptop or PC. Personalized safety that is quick and painless. Sounds ideal?

In an article in PC World, August 2004, author Andrew Brandt decides to put two of these "foolproof" devices to the test. They are 1) DigitalPersona's U.are.U 4000, which uses optical technology to take a picture of a fingertip when you press down on its sensor pad, and 2) Targus's Defcon Authenticator, which uses capacitive sensors to read electrical currents across its surface. Brandt used a number of different methods to try to trick the sensors. First he lifted his own fingerprints from a CD, scanned the prints and then printed them with a high-resolution photo printer. The U.are.U 4000 was not fooled. Following that, Brandt created molds of six of his fingertips using ceramic clay, hardening them in a kiln. He went on to use various soft household materials to create phony fingertips. Liquid latex failed, as did polymer casting material (too hard), Play-Doh (doesn't keep its shape) and gelatin (melts when it touches the sensor). Finally, rehardened gummi bears were discovered to have just the right consistency. The Defcon Authenticator clearly recognized the fraud, but the gummi fingertip passed the U.are.U 4000 test.
Not every fingerprint worked, but the thumbprint worked again and again. Not only that, the author was able to enroll one of the gummi prints as a user and then use his own thumb to log on.

The procedure used here to make a replica fingerprint may not be realistic, but it shows that the optical scanner is definitely not perfect. Real trespassers will surely have better counter-technology. Maybe the best way to keep your precious data secure is to use multiple layers of security.
