Friday, February 04, 2005

The myth of fingerprints

Fingerprint scanning is one of several biometric technologies under development. Sounds pretty good - just put your thumb on the sensor and it identifies you. Several supermarket chains are already trying it out.

Unfortunately, clever hackers have already learned how to defeat fingerprint scanners using gummy bears and other methods. For a step-by-step guide to stealing and using someone else's fingerprints, see here. Thank goodness it doesn't involve cutting off anyone's thumb. Actually, the stealing part will be easy since the fingerprints will be stored as digital files somewhere. Once one of these databases is compromised the bad guys will have millions of fingerprints to play with.

This technology looks DOA to me unless combined with other methods of authentication (in which case, it becomes just another multi-factor method). A particularly bad aspect of fingerprint scanning is that it is very hard to repudiate your own fingerprint once it has been stolen. A stolen credit card number is easily replaced, but not a fingerprint.

Retinal scans may suffer the same fate if contact lenses can be developed to mimic retinal patterns, although I don't know whether this is possible.

2 comments:

Anonymous said...

I don't think it is even firmly establsihed that fingerprints are unique and distinguishable. After seeing the film Demolition Man I don't want anything to do with retinal scans. They can steal my credit cards and even identity but please leave my eyeballs alone!

Anonymous said...

Steve,

Frightening indeed. I suppose there are no easy answers.

MFA

Blog Archive

Labels