How To Fool Biometric Fingerprint Authentication on a Laptop

Biometrics is an electronic method of distinguishing human individuals through their inherent and unique physical characteristics. The basic mechanics of this method involves an optical scanner that will sample the person's fingerprint, retina, voice or face. This sample will then be checked against a database that contains a sample of the same characteristic of the particular individual. The sample used for verification was previously stored through the individual's voluntary registration. Biometrics is often used as a security system. It can replace the more common form of access control such as passwords or be used in conjunction with them.

Laptops, designed to be portable, are usual targets for theft. Biometric fingerprint authentication can thwart or discourage this as the thief would not be able to use the laptop without the registered owner's fingerprint. However security experts are divided on the effectiveness of biometric security systems and fingerprint scanners in particular. One group conducted an experiment and revealed how such a measure can be circumvented.

  1. Weakness of fingerprint scanners. Such a scanner operates by taking a visual sample of the fingerprint touching it. It cannot however determine whether the fingerprint comes from a real finger or not. The security consultants that conducted the experiment determined then that an artificial finger etched with the correct fingerprint can subvert a fingerprint scanner.
  2. Residual impression of the registered fingerprint. To make an artificial finger for the purpose of fooling a fingerprint scanner, a residual impression of the registered fingerprint must first be acquired. These can be taken from other objects touched by the individual who has valid access to the system being protected by the biometric fingerprint scanner. Aluminum powder, ninhydrin solutions, and cyanoacrylate adhesives (materials used in crime detection) can be used to enhance these residual impressions.
  3. Correcting the orientation of the fingerprint impression. Residual fingerprint impressions are mirror images. Directly molding the artificial finger from that would still create an invalid fingerprint. The residual impression must first be digitized and then loaded into image editing software so that its mirror image orientation could be reversed. The corrected image can then be printed out.
  4. Molding the artificial finger. The print out of the corrected residual impression will be used as a pattern guide for building the mold of the artificial finger. There are various materials that can be used to create the artificial finger, but in the experiment gelatin was determined to be most effective.

The procedures outlined above were used by a security expert group to evaluate the risks of fingerprint scanners. Their objective was to point out the particular weakness of this method as a security measure. If you happen to own a laptop protected by biometric fingerprint authentication, you might want to consider this information and add other non-biometric access controls to protect your portable computer, just to be on the safe side.


Share this article!

Follow us!

Find more helpful articles: