June 5th, 2006
Gummi Bears Can Also Fool Fingerprint Scanners
By Alice Hill
RealTechNews
About 6 months ago we ran a piece on how a finger made out of Play Doh could foil many retail fingerprint scanners. Not to be outdone, a Japanese cryptographer named Tsutomu Matsumoto has found that Gummi Bears make an even better fake fingerprint, and are the cornerstone of a do it yourself fake fingerprint lab that require bears, a digital camera, and a PC. According to Mastsumoto, the gelatin used to make Gummi bears can be poured into a mold to make a finger, and this fake finger was able to fool scanners 4 out of five times. Not to be outdone, using the fumes from superglue, Matsumoto was able to highlight a print from a drinking glass and photograph it with a digital camera, and then imprint the high res print on the gummi bear finger using a photo sensitive printed circuit board he picked up in a hobby shop. And it worked - so well that cryptography experts are recommending that these systems go right back to the drawing board.
Using PhotoShop, he improved the contrast of the image and printed the fingerprint onto a transparency sheet. Here comes the clever bit. Matsumoto took a photo-sensitive printed-circuit board (which can be found in many electronic hobby shops) and used the fingerprint transparency to etch the fingerprint into the copper. From this he made a gelatine finger using the print on the PCB, using the same process as before. Again this fooled fingerprint detectors about 80 per cent of the time. Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them. Source: The Register
We Say: No one mentioned that using the gummi bear method, you can not only “eat the evidence”, you get to enjoy a nice little candy snack in the process.
Alice Adds: While this story is not new, it is interesting to note that nothing has been done yet to fix the problem.
SpaZ says:
You guys don’t know what you’re talking about. I work for the company that makes these things and they are very easy to beat. All you need is a finger and a phone number. I signed up for one of these at Walmart and it works for my REAL finger and my own phone number every time. I don’t see why you need the playdoh.
June 5th, 2006 at 12:50 pm
Bryan says:
There is no reason for the industry to fix the problem; it isn’t a matter of making a secure product, but selling more widgets.
If word escaped the geek world of Blogs into the MeatSpace’s MSM (and nothing else was going on to distract), then maybe, just maybe would enough stink get raised for people to Do Something about it.
My bet is the thumbscanner people would attack the source as “unreliable” and then let the story die a quite death.
For a parallel, witness the locksmithing community:
Master-keyed systems have been totally vulnerable (and this fact was known by locksmiths) for over 100 years (http://www.crypto.com/masterkey.html), and yet companies still buy and install them. It isn’t about safety. It is about the illusion of safety (”piece of mind”) and gross ignorance.
June 5th, 2006 at 12:51 pm
David Johnston says:
That’s a really interesting find.
June 5th, 2006 at 12:52 pm
blackbrutha says:
hahahahaha
June 5th, 2006 at 4:27 pm
dsfd says:
LMFAO @ your “Share and Enjoy” links
June 5th, 2006 at 9:34 pm
JohnC says:
Surely this is old news - see Bruce Schneier Cryptogram May 15, 2002 “Matsumoto uses gelatin, the stuff that Gummi Bears are made out of .. Matsumoto tried these attacks against eleven commercially available fingerprint biometric systems, and was able to reliably fool all of them”, The Register 16th May 2002 (”http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/”) or any of the postings from May 2005 (”http://www.google.co.uk/search?hl=en&ie=ISO-8859-1&q=gummy+bear+fingerprint+biometric&meta=”). Was this article stuck in the mail for several years?
June 6th, 2006 at 6:43 am
Kish says:
Great analysis work there Johnny! It’s use as a bullet to kill any postive fingerprint scanner stories.
June 6th, 2006 at 2:25 pm
The Finger says:
I get the feeling that people here like to jump all over Alice whenever she posts an item on anything.
Alice, just a thought. Your writing is good but maybe another byline would help, just to save a little grief.
June 6th, 2006 at 4:52 pm
Scootch says:
The article makes no mention of the type of fingerprint scanners tested (optical vs. capacitive/silicon) and it also does not mention if the false matches using the gummy fingers were done against an actual person’s fingerprint or if the fake was enrolled and matched against.
Everyone knows that security should not rely upon one single approach. There may be weaknesses in each but there is exponential strength in combining the multiple factors.
June 7th, 2006 at 7:45 am
AntiScootch says:
Scootch is wrong. Most countermeasures can be attacked one at at time, making the strength of the system linear and not exponential in the number of components.
June 8th, 2006 at 4:18 am
NamelessTraveler says:
Ok, folks, notice they said COMMERCIALLY AVAILABLE Fingerprint readers…. What about the ones that read fingerprints, and IR Thermograph of hand at the same time or simultaneously with a body-scan… CA products are low end security and NOT for the anything a professional would consider secure, unless we are talking your local thugs here…
June 8th, 2006 at 5:54 am
Futurismic says:
Biometrics Boom
Red Herring is running an article about the explosion of interest in biometric devices, such as fingerprint scanners, citing lower costs and ‘public acceptance’ as some of the factors involved. Though they have neglected to mention that some people h…
June 16th, 2006 at 11:52 am
Little Happy Bunnies says:
Gummi Bears Can Also Fool Fingerprint Scanners
The gelatin used to make Gummi bears can be poured into a mold to make a finger, and this fake finger was able to fool scanners 4 out of five times. Link: Gummi Bears Can Also Fool Fingerprint Scanners…
June 18th, 2006 at 5:03 pm
ringtones free says:
http://www.ringtones-dir.com/get/ ringtones site free. ringtones site, Free nokia ringtones here, Download ringtones FREE. From website .
July 30th, 2006 at 5:09 pm
dude says:
funny!! LOL
October 13th, 2006 at 5:05 am
alprazolam says:
Avete blog piacevole qui! Grazie, è molto duro a mine lle tai informazioni in italiano, ma scrivete molto chiaro e posso capire tutto.
October 18th, 2006 at 11:57 am
Pozycjonowanie says:
Keep up the good work. Greetings
October 21st, 2006 at 4:35 am
mortgage broker says:
Si eres cualquier cosa como mí, odias el pensamiento del gasto cuarenta horas a la semana en un trabajo del punto muerto. Las luces fluorescentes de zumbido, la gerencia idiota, el hecho de que necesitas despertar doloroso temprano - el único alto punto son que viene viernes cada semana. Dije tan a me, allí me consigo ser una manera mejor. ¡Una cierta manera de hacer el dinero que me deja fijar mis propias horas y hacer una cantidad cómoda del dinero!
October 25th, 2006 at 9:23 pm
Accident Reports says:
i agree
October 27th, 2006 at 9:23 am
Restaurants says:
i c
November 10th, 2006 at 9:21 am
hard disk scsi says:
cdacefef
November 21st, 2006 at 7:50 am
hotel corona ischia says:
avaffe
November 21st, 2006 at 7:51 am
intermedio buco sacro says:
jgere
November 21st, 2006 at 7:53 am
minerale gemma lavoro says:
hdget
November 21st, 2006 at 7:53 am
fantasticamente giovane doppio penetrazione says:
chhrtrtrt
November 21st, 2006 at 7:54 am
gay cielo says:
pfcggbj
November 21st, 2006 at 7:56 am
beautiful asiatiche sexldo says:
cfffrww
November 21st, 2006 at 7:56 am
grecia offerta vacanza says:
pknwd
November 21st, 2006 at 7:57 am
costume jewellery wholesale says:
bbfsed
November 21st, 2006 at 7:58 am
Gadgets, Gizmos & Widgets says:
Gummy bears and fingerprint locks…
Maybe you’ve seen fingerprint locks before, maybe you haven’t. They seem like a good idea. After all, your fingerprint is supposed to be fairly unique (although, one fingerprint is not guaranteed to be unique, all ten combined are).
What if…
December 9th, 2006 at 6:46 am
Real estate says:
Very useful site, many thanks
March 16th, 2007 at 1:38 am
Is hoodia safe? says:
Very nice site, helpful articles - good job, thanks
April 12th, 2007 at 3:10 am
KLB says:
Actually all your fingerprints are unique - and nothing can be fairly unique. It is or is not. Sorry! You’re wrong
April 19th, 2007 at 1:42 pm
Herbal supplement articles says:
I was looking for any article about this from several weeks. And I foud it here. Many thanks. Good job, man.
April 25th, 2007 at 11:23 am
jachu says:
F^$&^# spamers.
May 2nd, 2007 at 7:40 am
Czarter jachtów says:
Czarter jachtów - Morze Śródziemne , rejsy morskie , rejsy po Morzu Śródziemnym , urlop pod żaglami,wakacje na jachcie - Sextant - Sailor.
May 23rd, 2007 at 6:28 am
Reklama w Polsce says:
Reklama w internecie
May 23rd, 2007 at 6:30 am
Rejsy morskie says:
Rejsy morskie po morzu Śródziemnym
May 23rd, 2007 at 7:39 am
Solina - noclegi says:
Solina - noclegi w Bieszczadach zapraszamy
May 23rd, 2007 at 7:41 am
Obuwie ochronne says:
Obuwie ochronne sprzedaz hurt
May 23rd, 2007 at 7:42 am
Katalog stron says:
Dodawanie do katalogów
May 23rd, 2007 at 7:44 am
Dubiecko says:
Dubiecko zaprasza
May 23rd, 2007 at 7:48 am
iluzjoniści says:
Interested.Thanks.
June 12th, 2007 at 2:48 am
pizza says:
What kind of language is this? I go for pizza!
June 12th, 2007 at 6:21 am
softjvwbqu says:
Hello! Good Site! Thanks you! rmblokkhtbu
July 7th, 2007 at 6:40 am
Serg says:
Great analysis work there Johnny! It’s use as a bullet to kill any postive fingerprint scanner stories.
July 15th, 2007 at 3:34 am
What's This? says:
Biometric recognition gets the middle finger…
You may have seen biometric recognition products such as Microsoft’s fingerprint reader, which remembers your passwords for you and inserts the appropriate passwords in the appropriate password fields when you visit a web page. I returned Microsoft’s…
August 23rd, 2007 at 9:31 pm
Plotki says:
Super great article
August 24th, 2007 at 3:35 am
netsearch says:
The gelatin used to make Gummi bears can be poured into a mold to make a finger, and this fake finger was able to fool scanners 4 out of five times. Link: Gummi Bears Can Also Fool Fingerprint Scanners…
September 5th, 2007 at 4:58 pm
Antyki says:
Oh Yeah! Gummi Bears
September 7th, 2007 at 7:43 am
Katalog Firm says:
Super great article ..:-)
October 15th, 2007 at 2:48 am
Odlewnia says:
Thanks for all of the great comments.
October 24th, 2007 at 11:34 pm
Zutestrane says:
Interesting Article, thank you for sharing your thoughts.
November 11th, 2007 at 8:32 am
online poker mit bonus online poker bonus says:
giochi black jack…
…
November 15th, 2007 at 12:26 am
www party poker com says:
fax loan no overnight payday fax loan payday…
…
November 15th, 2007 at 12:32 am
strategie poker says:
strategie poker…
Questo scommesse online download poker…
November 15th, 2007 at 9:56 am
hosting says:
strange article. But well done for your sense of humour
November 20th, 2007 at 6:32 am
erekcja says:
That’s a really interesting think
November 21st, 2007 at 8:17 am
sofiaa says:
[…]Excellent writeup - I’ll have to try this next time I need to make a run of boards, even though etching it myself is more
then sufficient right now.
http://www.rushpcb.co.uk/
[…]
November 24th, 2007 at 3:21 am
Антивирус says:
Interesting Article, thank you for sharing your thoughts.
December 15th, 2007 at 2:47 pm
Can Play-Doh and Gummi Bears Fool Fingerprint Scanners? | IndiaKnows.com says:
[…] Fingerprint scanners have typically been considered one of the more dependable (and therefore popular) security technologies — reliable, intuitive and largely foolproof. Recently, though, cryptographers have experimented with materials that can simulate a human thumb and bear a bogus fingerprint that a scanner might accept. […]
December 26th, 2007 at 4:02 pm
odszkodowanie says:
Thanks for this very good article
January 5th, 2008 at 1:43 am
Anglia odszkodowania says:
God job
January 5th, 2008 at 1:46 am
advance cash loan online advance cash fast loan online payday says:
gratis klingeltöne samsung klingeltöne gratis handy gratis klingeltöne…
Similarly gratis klingeltöne advance cash day loan pay…
February 1st, 2008 at 5:00 am
toques gratis pro celular says:
toques para celular totalmente gratis…
As a result toques de musicas gratis toques para celuar gratis…
February 1st, 2008 at 11:08 pm
Jack says:
Interesting fact. But does it really work?
February 7th, 2008 at 12:05 pm
US Freestuff says:
Nice
March 15th, 2008 at 5:39 am
t-shirts says:
All I can say is that this is pretty incredible. I’m so surprised that nothing is being done to rectify the problem. But what can they do? Have a smell detector as well, so that it can smell if the fingerprint is, in fact, human?
As for eating the evidence, that sounds nice in theory but I don’t know if I would like to after I’ve smudged it against someone’s glass and then their dirty computer. For sure, though, you can most certainly eat the evidence… hmmm… this is just not right!
April 1st, 2008 at 11:32 am
Imitate your own Government Minister — nikgreen says:
[…] » Gummi Bears Can Also Fool Fingerprint Scanners » Blog Archive Alice Hill’s Real Tech News - Independent Tech: “Gummi Bears Can Also Fool Fingerprint Scanners By Alice Hill RealTechNews […]
April 7th, 2008 at 5:51 am
Fine art portraits says:
After reading your post, a lot of thoughts came into my mind. One, is this safe as a reading material for my son whose curiosity is at its optimum right now? Then another thing – what will robbers and thieves have to say about this? Is this an idea for us to be warned not to fooled by bears? Or is this a technique that we can use in the future?
April 11th, 2008 at 1:52 am
pozycjonowanie stron says:
I think you are right but this is not good solution for me
April 20th, 2008 at 6:15 am
Hobby Web says:
You know what guys. I think this is very good idea, but I am affraid not for me
May 26th, 2008 at 10:09 am