By Alice Hill
RealTechNews
Today, Fortune has a piece on plans by retail giants, Costco, Target, and Wal-Mart to move to fingerprint biometric technology as a way of cutting down on fraud and to expedite check-out line time. Sounds good, but it turns out that a simple “finger” molded from Play-Doh can foil 90% of these systems.
We say: D’oh. (Couldn’t resist!)
Associate Professor of Electrical and Computer Engineering Stephanie Schuckers and her team at Clarkson University found that most scanning systems can be fooled 90% of the time by taking a mold of the mark’s finger, filling the mold with Play-Doh, and using the fake digit to gain access. Don’t go running out to Toys ‘R Us just yet, though, as the Clarkson team also designed an algorithm that detects the spread of perspiration from the pores out to the ridges of a live person’s finger, and is only foiled by the Play-Doh method 10% of the time. Source: Engadget
From Fortune:
Here’s how biometric payment works: To set up an account, customers scan their fingerprint at an in-store kiosk, enter their phone number, and then submit checking and credit card account information. To make a purchase, they place their finger on a scanner at the register, enter their phone number, and choose how they want to pay (credit, debit, or checking.) Source: Fortune
Before You Go…Try these RealTechNews Favs:
–Cingular Patents the Emoticon 
–Print Your Own Monopoly Money
–SnackShotz Treat Launcher Shoots Treats at Your Dog < --Weird
–Play Music Directy From SD Memory Cards
–Samsung’s Pocket-Sized Projector
–Tell Them You Have an STD with inSPOT
….More RealTechNews
That’s a bit strange. As far as I know those systems- in the case of security this is not a regular scanner (like in some PocketPCs)! It is not only reading your fingerprints but also does some biomedical scans like checking the spread of vains on the finger.
Play-Doh and any other mysterious methods from movies like mission impossible are not working in the real life when the protection is done well.
For sure we are using such devices in the far, far east where people wears animal skins and lives in caves
Here’s a suggestion. Don’t shop at WalMart, Costco or Target. Those places represent the demise of healthy competition anyhow. Just go to your locally-owned stores and you don’t have to deal with any of this! It’s that easy! I promise…
You people are retarded. This technology cannot be fooled that easily. The same company (cogent w/ pay-by-touch) is also resonsible for all new bio-passports all over Europe as well as Homeland Security’s new US-VISIT program. Good luck with your play-dough at Wal-Mart you retards.
To those of you that think biometric scanners save your fingerprint and the government will get it, that is absolute bunk. These systems keep track of a number of points on your finger in a mathmatical equation. In no way is your FINGERPRINT stored.
One farsighted look into the future was Ian Fleming’s “Diamonds are Forever” movie where 007 used a fake fingerprint made of some kind of transparent material, perhaps latex. Back then it seemed to be farfetched, but these days with biopasses it’s very plausable and perhaps probable.
I have the ThinkPad with the fingerprint scnner built in. It is not a big pad that would show a finger print – like the biometric product Microsoft tired a few years ago – that thing glowed and clearly showed a print on the gel-like surface.
The IBM version has a scanning surface only an eight of an inch tall and you run your finger down the surface as it scans your print and comapres it to what is in the DB. What I want to know – why not make those devices the easy way to buy online? I mean, why not make it a more bullet proof version of Amamzon’s “one click” model?
sounds like a good way to spread germs.
Jimmy Neutron, please read http://biblelight.net/seal.htm for more on the Mark of the Beast.
How many people touch this thing? These fingerprint scanners are going to end up spreading viruses like the flu. Like those self-swipe credit card reader things. Think of how many people have touched that before you and after you. Gross.
So, Aaron, I take it you never touch anything outside of your house or vehicle without something covering your hands? Like, for instance, the doors to get into a store or public place of some sort.
Do you wash your hands 93280234930 times a day, too?
So – after your fingerprint information is stolen, how do you get new fingerprint information? Similar to what you do when your password is cracked….you change it. After your fingerprint (or any other biometric data) is stolen….how do you change it?
Stephanie Schuckers’ company, NexID Biometrics, is discussed here (with links to other sources). And yes, she’s involved in a company that claims to detect perspiration.
i have patented the word and concept of “patent.” implosion pending. . .
i have patented the word and concept of “patent.” singularizing implosion pending. . .
There is a lot of misinformation being spread around here. I work in the computer industry and have first-hand experience integrating fingerprint sensorss into our existing products. Please allow me to clear a few things up.
First of all, the play-dough hack only works for OPTICAL fingerprint sensors. Since about 1998 the industry has moved on to capacitive sensors. To learn more about this technology, please visit the web pages of some of the leading fingerprint sensor suppliers.
http://www.authentec.com/getpage.cfm?sectionID=75
http://www.upek.com/products/technology/active.asp
http://www.validityinc.com/technology.html
Second, the majority of sensors being used today are “swipe” sensors, not area sensors (swipe sensors are smaller, and thus less expensive). The swiping motion smears the fingerprint on the surface of the sensor, so there is no residual fingerprint to lift. And, even if you could lift a print, making a play-dough finger with that print will not work, as explaind in my first point.
Third, the fingerprint software does not record an image of the fingerprint. Rather, it looks for very small details in the fingerprint, then creates a geometric pattern based on the locations of those detials. This pattern becomes a template to which subsequent fingerprint swipes are compaired. The templates themselves are only a few Kb in size, so there is no way they hold enough data to reproduce the actual fingerprint. Please see this article for more on creating fingerprint teamplates:
http://www.upek.com/products/technology/perfectmatch.asp
Fourth, (this is a little bit gross) if the authorized finger is cut off the owner’s had, it will only work for 15 miutes. After that time, it no longer has the same electrical properties as a live finger will will cease working on the fingerprint sensor. (It becomes as effective as a play-dough finger.)
In conclusion, fingeprint technology works, it’s secure, it’s cost-effective, and it’s easy to use. Fingerpint will be the death of passwords. Do you like typing passwords all the time? I haven’t typed a password on my computer in over 2 years. People often forget their passwords, but they never forget their finger. Once you use one, you won’t want to go back.
What about chopping dead people’s or homeless people’s fingers off, pulling the bone out, and making a finger “glove” to fit over your real finger? Would that work?
Or what if you find a finger in your Wendy’s Chili? Can you use that?
gross!
You guys are bad, you don’t realise what your doing, every day you surrender more private infromation in order to protect yourself when really all your doing is giving them more things to use, keep it simple keep it clean, you used to be able to change state and start a new life, nowadays you go for a drive get lost and buy some food, you don’t know where you are but the gov does, you think your safe but your not, your under constant observation, and its getting out of control, I’ve been mugged for cash, and i hated it but whats worse is buying a pizza in washington and being followed for almost 5 hours by a black merc. they say your safe but your not, i’m not paranoid, i’ve been watched. fortunatly the underground is real, scary but real. i konw i sound nuts but i ask you for one thing, keep your self private.
The more you give them the more they own you.
All Your Fingerprints Are Belong To Us.
I have worked in the Biometrics Business for 13 years, and actually raised $40M to create a fingerprint sensor. I realize I’m going beneath myself now to respond to all the children on this geek site. Some points of clarification for the unwise:
1) Most of the low cost scanners in the market can be fooled with play-doh, latex, gelatin or wood glue.
2) It is far more difficult to fool the swipe sensors, and with swipe sensors no latent print is left behind
3) The scanner DOES capture a fingerprint image – the backend software then extracts minutiae and stores an easily searchable template. Some studies have shown that you can create a fingerprint from a template file
4) Most systems employ Multi-Factoral authentication – making the faking of a fingerprint useless unless you know one or two other things
5) There are NO health issues that have been proven – although americans are very adept at buying lots of anti-septics that have been also proven to have no beneficial result over normal soap and water – so this is just fear mongering
6) High end scanners – cost more – and have more features, like Infra-Red or other spectral bands (Optical) to detect blood. Or use live movement in the finger – to detect pulse. Some use RF signatures and dialectric constants.
7) To show a fingerprint sensor can be fooled and that in doing so the whole system is compromized is stupid. Has anyone ever blamed a keyboard for giving away a password. Again – think multi-factoral and think of the application – is it convience or security, or is it just convient security.
I have worked in the Biometrics Business for 13 years, and actually raised $40M to create a fingerprint sensor. I realize I’m going beneath myself now to respond to all the children on this geek site. Some points of clarification for the unwise:
1) Most of the low cost scanners in the market can be fooled with play-doh, latex, gelatin or wood glue.
2) It is far more difficult to fool the swipe sensors, and with swipe sensors no latent print is left behind
3) The scanner DOES capture a fingerprint image – the backend software then extracts minutiae and stores an easily searchable template. Some studies have shown that you can create a fingerprint from a template file
4) Most systems employ Multi-Factoral authentication – making the faking of a fingerprint useless unless you know one or two other things
5) There are NO health issues that have been proven – although americans are very adept at buying lots of anti-septics that have been also proven to have no beneficial result over normal soap and water – so this is just fear mongering
6) High end scanners – cost more – and have more features, like Infra-Red or other spectral bands (Optical) to detect blood. Or use live movement in the finger – to detect pulse. Some use RF signatures and dialectric constants.
7) To show a fingerprint sensor can be fooled and that in doing so the whole system is compromized is stupid. Has anyone ever blamed a keyboard for giving away a password. Again – think multi-factoral and think of the application – is it convience or security, or is it just convient security.
Hey, umm, number 27, uhh, what conversation are you in, because I don’t think it’s this one. If you want to talk about that stuff then go to your anarchist punk friends. (I make the bold assumption that you have friends) Everyone else, I think this is probably a possible thing to do but definitely not worth the trouble because there are much easier and lucrative dishonest things to do out there.
I´ve been reading your statements and let me tell you that you are all crazy. First, security companies never create a 100% secure system because they would run out of work. Second, the database that you are all so affraid of will be so big that they will lose track of a lot of info. Third, the play-doh finger would not do the trick bur try melting a barbie into a fingerprint mold and make it really thin, then glue it to you finger a use it for some hours, it will be the same temperature and humidity as your own body. Fourth, if you can steal the fingerprint from the machine without nobody noticing that then you can also copy the phone number just by looking at it. Fifth if you think that they will put that to work in everyplace, YOU ARE WRONG. Money will always be money. Half of America dosen’t has a bank account. Europe will not implement that and if you dont want to use it just go around the corner. If you want to steal from someone just try but then when you get caught please tell everybody that you tried to buy a pack of cigarretes with a fake finger, they will make your life really funny in jail.
You are only anonymous as long as they want you to be. I think the post-911 panacea has garnered more surrender of private information than is necessary. There needs to be a voice of reason here somewhere. If the government enforced all the laws that are ALREADY on the books, we’d all be in jail.
As far as the biometrics: Of course, it will be hacked. It’s only a matter of time. Build a better mousetrap…..
By the same token, it will not be Play-Doh, but a much more insidious method you won’t even see coming.
Which is easier
A.
1. Stealing someones wallet
2. Going to any grocery store and buying items, and paying with stolen credit cards/money (I’ve NEVER been asked to see an ID to check the if credit card is mine, even if its my MOM’S ID, with a girls name on it, even though I’m a guy)
OR
B.
1. Following someone around who you HOPE has enough money for the entire act to be worth while, waiting for them to place their hand on a flat service so you can extract the print with scotch tape (if for some reason store clerks don’t find it a tad strange that you stalking another customer and trying to lift their print). Their hand cannot slide at all when this happens, and hopefully not roll to the side so the print is in perfect condition.
2. When you have the print, which you might not even be able to get, you must then use something to extrude it into a 3 dimensional model. Your print is only in 2 dimensions. In order to do this correctly, you have to repair any smudges in the print, and extrude it into the shape of their finger, which the technology DOES NOT EXIST TO DO, and if it DOES, its so expensive if you had access to this sort of thing you wouldn’t need to be stealing GROCERIES.
3. Then, you would need to make a cast of this, presumably using Play-Dough.
4. Go to some way-side store and hope that you hope uses this obscure technology, which, I’ve never seen one anyway…
5. Use the play-dough print instead of your real hand, and hope the clerk doesn’t ask any questions. Hopefully the finger print will even go through, because your casted print will not have a heartbeat, which is often checked to make sure the print is coming off a living hand. If the clerk catches you, go back to 1.
6. Pay for a couple bucks worth of food, maybe some beer. Big deal. It’s only a few weeks worth of goods until the Victem notices the bogus payments and cancels the service.
Now, if you had taken the credit card… HELLOOOOO E-BAY!!! You could run up thousands of dollars worth of charges by buying cars, computers, drug paraphenelia, and any plethera of items that your heart desired. In webspace, your face is never checked. A clerk can’t ask you to properly identify yourself. All you have to know is their name and adress and have their credit card!
There are so many better scams then finger-print fraud. TRY good old forgery! My friend ran a twenty through his scanner and printed several thousands of dollars worth of bogus bills, all in a few minutes time. The risk was less, the time expended was less, less expertise, less equipment, and best of all, MORE PROFIT/APPLIABILITY. After all, cash is easier to accept at most stores compared to finger print ID. I mean, what the ****. I’ve never seen that in my WHOLE ENTIRE LIFE.
Get a life you paranoid crazies, worry about something useful LIKE THE WAR WE ARE IN! YOU HAVE A SKEWED SENSE OF PRIORITY. GOOD DAY SIRS.
Jon – so well said!
You are all dooshbags
I am the last poster
no your not!!! TOCHE
I think the solution would be to get people educated.
a simple thing to do is just after the computer reconized your finger, push it down in a sense that the residuos that leave your finger image would get blurry, making it impossible for someone to copy!
perhaps if we were to do away with mammon altogether…move back to the barter system……we could eliminate alot of headaches and heartaches…….for god has said……you cannot worship god and mammon……perhaps this would be toooo painful for many to eliminate money and currency altogether…….no marks or tracking….as to eliminate fear of the mark of the beast……or is that what money already is..is it trhe root of all evil..or is evil in the root of all mens hearts???…….if seve one another through love and our good name and our word……for without both you have nothing…..we could make this a better world to live in……be compensated for the gifts god has given you by sharing them with others……i.e……..love is the first place to look.
perhaps if we were to do away with mammon altogether…move back to the barter system……we could eliminate alot of headaches and heartaches…….for god has said……you cannot worship god and mammon……perhaps this would be toooo painful for many to eliminate money and currency altogether…….no marks or tracking….as to eliminate fear of the mark of the beast……or is that what money already is..is it trhe root of all evil..or is evil in the root of all mens hearts???…….if we serve one another through love and our good name and our word……for without both you have nothing…..we could make this a better world to live in……be compensated for the gifts god has given you by sharing them with others……i.e……..love is the first place to look.myself i know i have many faults and i am desperately working on them. for love is eternal……and more valuable than all the gold in the world.
You guys don’t know what you’re talking about. I work for the company that makes these things and they are very easy to beat. All you need is a finger and a phone number. I signed up for one of these at Walmart and it works for my REAL finger and my own phone number every time. I don’t see why you need the playdoh.
ephedra extract ephedra extract
getsmart visa getsmart visa
xenadrine rfa xenadrine rfa
creditrepair creditrepair
[...] What if there was a way to fool these systems? Ah, but there is! Not just the threat from gummi bears, but Play Doh as well. And, for really low-tech, it’s fairly easy to make a mold from silly putty and make a fake finger that way. [...]
Jon you right on 100% !
they’ll play us with the finger print technology until we are used to it… once we accept it.. they’ll say its not secure and put chips in all of us like they planned
dumb people follow everything.. smart ones try and lead the path
The point of faking a fingerprint is so beneficial in my case (when it happens). This technology is being applied here widely in work places to confirm the attendance and force “labors” to sit in their offices. Of course it is still a silly way to confirm this concept of work, since some people can do it in morning time and leave then come back to do it again and leave again without sitting one minute in the office. However, making a fake fingerprint can prevent me from going in the early morning when I have some urgent things to do or suddenly something happens. Our work places do not understand the simple facts of the human nature and require them to work like robots. I can make a copy of my fingerprint and leave it in my office for my colleagues to use it for me and record my attendance for me while I’m away!
Rolex Sports Models