Synaptics Announces New Technology Designed to Thwart Fingerprint Spoofing
A thief lifts a print off a wine glass and then transfers the image onto a latex-like substance that can be attached to the thumb when it dries. After sneaking into the corporate offices of a tech firm, the thief then presses his thumb with the fake print attached to it against a biometric sensor.
A scanning mechanism determines that the print is an exact match of the company CEO, and the security system gives the thief access to all sensitive information. In a matter of days, the tech firm will file for Chapter 11, discovering that its intellectual property is basically worthless.
The scene sounds like something out of a spy movie or an episode of Burn Notice, but is the kind of situation Synaptics wants to prevent. The San Jose, California-based maker of touch pads, screens and controllers has developed technology that it claims can detect the difference between real and fake fingerprints.
Understandably, Synaptics (News - Alert) does not go into great detail about how this technology works other than it uses something called ‘liveness’ detection. This would detect the difference between a fingerprint coming from its rightful owner and a fingerprint from an image or copy attached to a finger.
The above example of a thief duplicating a fingerprint and compromising a secure system is not cinematic fantasy. In 2014, Jan Krissler demonstrated at an annual meeting of hackers how easily he could duplicate the fingerprint of Ursula von der Leyen, German defense minister. First, Krissler obtained high quality photographs of von der Leyen, some coming from her office and others that he took himself from close range. Using those images along with fingerprint identification software, Krissler was able to make a good copy of von der Leyen’s fingerprint.
It is disconcerting to say the least, that it is so easy to copy biometrics from a high-ranking government official as Krissler did. If there is any single lesson anyone can learn from the story, it’s that you can never afford to be complacent when it comes to security. A growing number of businesses, after catching on about the weaknesses of password protection, are turning to biometrics as a replacement, but biometrics in and of itself is not a magic wand you can wave to suddenly make everything secure.
Using advanced security technology like biometrics only works if it remains advanced. This means staying on top news about of the latest types of attacks, testing systems on a regular basis, and keeping security software up to date for starters. Security should never be viewed as something impenetrable to attack, but instead something that makes it harder to attack using known methods. As attack methods improve, methods that prevent their success must also improve.
Edited by Stefania Viscusi