Arts&Crafts: bypass a fingerprint scanner with glue and tinfoil

Originally published at: https://boingboing.net/2019/06/12/artscrafts-bypass-a-fingerpr.html

2 Likes

Biometrics as far as i know weren’t covered by privacy laws as far as law enforcement compelling you to unlock your devices. They can’t force you to give up a password but they totally can if its biometrics. Unless the law around that ended up changing…

2 Likes

May I give you back the sense of dread you have been feeling and suggest you’ll have a look at the work of the CCC?

Some starters:
2008:


Sorry, in German. Google Translate is your friend, since the Alta Vista BabelFish lost contact to our brainwaves.

2013:
https://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

2014:

There’s more.

I’m using my fingerprints hundred of times a day as an ID, BTW.

4 Likes

Yeah i really don’t like the idea of using biometrics for security, considering that you can’t change your biometrics if they were to ever be compromised.

5 Likes

Biometrics as part of a security system that includes a human check, e.g. where someone puts their hand on a scanner in front of a human that can see the source of the scan is another human, makes for strong security. Biometrics in mobile devices does not. The phone has no idea if the 1 and 0s are coming from a human hand/finger/face or not, and its a password that will be hacked like all passwords can be, and these are ones you leave everywhere you go. Once it is you can never change it for the rest of your life.

3 Likes

Cop holds phone up to your face and asks, “Is this your phone?”
[Phone unlocks]
Cop says, “Oh my how did that happen? And what do we have here in open view now?”

2 Likes

Things might be different now but honestly i havent taken the time to look this up vs the last time i did which was like 5 years ago.

1 Like

I have no doubt there is enough wiggle room for bio-metrics to be misused.

1 Like

I can type using my nose. it’s a “Hack”.

This is only a hack if you aren’t the owner and can take the owners phone convince the owner to press their thumb into hot glue but not place it on their phone.

The creating a print from a photo is much more frightening but going to university to learn computer science and mastering the techniques required so you can steal the phone and unlock it before they remotely wipe it feels less efficient than just jumping them and beating the security code out of them.

Ob.

2 Likes

This topic was automatically closed after 5 days. New replies are no longer allowed.