Posted on 10/27/2010 11:47:11 PM PDT by prisoner6
The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance.
Henry Kendall High School, on the NSW Central Coast, has pitched the system to parents as a convenient way for students to clock in and out of school during their irregular hours.
Principal Bob Cox told the ABC that the system was preferred over swipe cards, which students can abuse by signing in for each other.
But a litany of fingerprint scanners have fallen victim to bypass methods, many of which are explained publicly in detail on the internet. The hacks could potentially be used by students to make replicas of their own fingerprints, or lift those of others from imprints left on the reader.
Japanese cryptographer Tsutomu Matsumoto used gelatin, the ingredient in Gummi Bears, to forge a replica finger that fooled 11 fingerprint scanners during tests in 2002. Gelatine has virtually the same capacitance as a finger's skin, meaning it can fool scanners designed to detect electrical charges within the human body.
"Simply form the clear gelatine finger over your own [which] lets you hide it as you press your own finger onto the sensor. After [the reader] lets you in, eat the evidence," BT chief technology officer Bruce Schneier said of the so-called Gummi Bear attack.
Chris Gatford, director of penetration testing firm HackLabs, has foiled biometric fingerprint scanners before.
"Whether it can be hacked depends on how clever the device is. If it is a reasonable quality, it will look for blood flow and heat, but entry-level models do not."
The NSW Department of Education said in a statement that the software does not store digital copies of fingerprints, but creates templates of unique characteristics.
This should prevent stored fingerprint images from being stolen, but would not prevent students bypassing machines.
The department said the decision to adopt the technology is up to the school, and participation in the scheme is optional.
Fingerprints can be lifted from a variety of surfaces, and then scanned, printed and applied to receptacle mediums which are used to trick scanners.
Finnish researcher Ton van der Putte hacked a scanner used for checkout payments in a chain of stores based in the Netherlands in 2008, while another Finnish researcher Mikko Kiviarju lifted prints (PDF) from Microsoft's now defunct Fingerprint Reader.
> Uh, if I read this correctly, they used gelatin, not gummi bears. They just call it that because gummi bears happen to contain gelatin. What a bunch of hyperbole.
Gelatin is actually made from hooves, hide and bone. By composition, gelatin is the same as skin. Korean hookers trying to illegally enter Japan have taken it one step further; they use Listerine breath strips. They obtain a safe fingerprint, enhance it with techniques used to make electrical circuit boards, then they have a mold. They then place a Listerine strip on the mold, hit it with a hair dryer, then when it has softened and formed into the impression, they lift it, put it in the Listerine strip pack and do another one. Whenever they need a fingerprint, they moisten their finger, apply a strip and fool the scanner. The Japanese immigration people have arrested a dozen or so of these women over the past year.
Gummi Bears?
What are they using?!
Modern biometric chipsets don’t store an image of the print at all; they use a variety of methods to generate a profile of the fingerprint.
The laptop I’m using now is a bog-standard HP with a built-in reader using an Authentec TouchChip sensor, and I’m pretty sure that can’t be fooled by a Gummi Bear. I’ve also got a rather funky prototype reader which checks for temperature and blood flow in the vessels inside the finger. I’d like to see the Gummi Bear trick fool that reader!
FFS.
Ironic. In 1985, the great Ferris Bueller himself couldn’t bypass the Shermer High School/Ben Stein method of attendance verification. Today, it’s simply gummy bears ...that were in my pocket...want one? They’re warm and soft...
That gummy bear you just ate just picked up God knows what from the scanner. You don't know where the previous finger has been or what it was touching..........
One gummy bear for the entire school!
Mark
Mark
I'm guessing you didn't get that far into the article....?
I want a glove with John Dillinger’s fingerprints on it.