Fingerprint Authentication Can Be Broken Too. Here’s What This Designer Created To Make It Safer

Fingerprint technology has been around for a long time and has since been a source of authentication.  With tech companies thinking of phasing out the password because many of us really don’t border following the three month rule in addition to having perpetually weak password. It’s common knowledge now that you should change the password to your online accounts every three month if possible to be safe but you and I know that we don’t especially in light of many such of accounts we have.

From MasterCard to Google, selfies and biometrics are gradually replacing the password. The fingerprint is unique to individuals and difficult to break right? While you may be correct, you should know that these companies store this information like any other data on a secure server somewhere. But if there’s anything the LinkedIn and Twitter breaches have taught us is that any data can be stolen with such information being sold by hackers on the dark web. From the newer iPhone versions to bank verification, fingerprint details are stored somewhere “safe” and as we did learn when hackers broke into the American Office of Personnel Management and stole the records of about 5.6 million people including biometric details, these information especially from public sector workers can be sold to adversaries.

So I googled how to beat fingerprint biometrics and what I discovered that it’s actually much simple to break the fingerprint security. By simply using methods like rubber cement of the kind you probably used in elementary school art class is one of the most reliable ways to make a copy of a finger print. Doing so typically requires “cooperating” or by forcing the print owner though and there are other methods listed there. People can use gelatin which “has many of the same conductive properties as human skin and can fool more sophisticated readers designed to sniff out inorganic “fingers.” Researchers lat Yokohama National University conducted a series of tests designed to fool biometric readers over a decade ago.”

So if this is not as secure, which one is?

Well the essence of the article is not so that the next time you walk into the store and they ask you to authenticate yourself using your biometric details, you become really suspicious even of the friendly attendant. It’s for you to be aware and therefore be careful but as I was researching the subject, I came across an article from MotherBoard which looked at a new concept in which someone replaced their fingerprint with prosthetics his fingerprint details from being used unauthorised persons. I’ll go ahead and paste some parts of their research (BY JOSHUA KOPSTEIN) which can be found be seen by clicking on the link.

“My substitute prints were provided by Mian Wei, a third-year industrial design student at the Rhode Island School of Design. Using his IDENTITY kit, anyone can cover their real fingerprint with a fake one that’s fully-functional, replaceable, and practically impossible to copy.

Many people believe we are all cyborgs now, connected to the internet 24 hours,” Wei told me when we met recently at a cafe near Harvard Square in Cambridge. “When we set our own piece of skin as the passcode, it is a solid and definite connection. You can [Photoshop] your face now, but you can’t really change your fingerprints, and you [lose] them on everything you touch.”

About IDENTITY

Created for a prosthetics design class, Wei said the goal of his project was to make a biometric privacy product that people might actually use in the real world. IDENTITY’s packaging is designed to look like something you’d find on a shelf at your local drug store, and each fingerprint-spoofing strip is individually wrapped—like bandages in some kind of counter-surveillance first aid kit.

The sticky black prosthetics are made from a mixture of conductive silicone and contain a random mess of fibers, which replace the tiny ridges that sensors normally look for on a real fingerprint. Once wrapped around my index finger, I could assign the false fingerprint to unlock my phone just like I would with my actual finger.

Now, even if someone managed to make a mold of my real fingerprint—as a member of the Chaos Computer Club did in 2013 to spoof the iPhone’s TouchID sensor—they still wouldn’t be able to unlock my phone.

Even further, the print created by the false finger when it touches objects isn’t really a “pattern” so much as a bunch of random lines; the fibers that form those lines are simply mixed into the silicone material, then cured and sliced into small strips. That means the prosthetic’s impression would be virtually impossible to recognize as a fingerprint, let alone duplicate, Wei says.

So would anyone in their right mind actually use a replaceable fingerprint? After two weeks of wearing one of Wei’s IDENTITY prosthetics, my general feeling was: probably, under the right circumstances.

The good news is it definitely works. Once I had assigned the fake finger to unlock my phone, the prosthetic was just as dependable as my real finger. (I was using an iPhone 6S and a Nexus 5X, but you’d theoretically get the same results on any device with a fingerprint reader) said Joshua.

From the  MotherBoard report, it’s clear that while this sounds good, there’s really no single absolute solution which is why biometrics are sometimes combined with facial recognition which can be photo shopped as well. As I have always said, when it comes to security, you are the best person to do that because in most breaches, hackers need to get on your device to carry out any actions whether they be software or hardware based. It all begins by clicking on links you shouldn’t be clicking on the web while other times, you carelessly leave your important device in the open.