These factors should be considered when assessing this attack’s impact under realistic usage scenarios. “The iPhone fingerprint spoof uses a number of steps including laser printing the fingerprints in high resolution onto transparent film, etching onto a printed circuit board and using a latex material to make a fake fingerprint,” explains Tsutomu Matsumoto from Yokohama National University, a member of BVAEG, “the current attack requires the lifting and processing of a high quality latent fingerprint at high resolution in order to make a successful spoof. “The BVAEG – a subcommittee of the independent Biometrics Institute – consists of many of the most experienced experts in this area from around the world,” says Isabelle Moeller, Chief Executive of the Biometrics Institute, “the BVAEG mission is to raise awareness of the need for vulnerability detection to be included with biometric devices, to promote standards, enhance privacy protection, performance measures and testing, and to help facilitate the dissemination of new research or findings in this area.” The international community is addressing this emerging area of technology through an ISO/IEC standards project to develop data interchange formats and testing principles for software and hardware used to combat biometric spoofing (called “spoof detection” or “presentation attack detection”). There are a number of technologies, both software and hardware, that can be used to detect such spoofing attacks. “This attack technique of presenting a fake biometric to a biometric sensor for identity theft or concealing one’s identity is commonly known as spoofing,” states Ted Dunstone, Chair of the Biometrics Institute Vulnerability Assessment Expert Group (BVAEG), “and such attacks are well known and studied.”
However, as with all security measures, it has vulnerabilities. The group that has claimed success, the Chaos Computer Club from Germany, has been involved in similar biometric attacks on different fingerprint sensors going back to at least 2004.īiometric authentication has the potential to ease the burden of security given its simplicity and usability, particularly when compared to mobile devices with little or no protection.
Could the iPhone Fingerprint Fake Finger Attack Have Been Prevented?ġ1th October 2017 THE BIOMETRICS INSTITUTE ASKS FOR PROACTIVE ADOPTION OF SPOOF DETECTION TECHNOLOGY.
0 kommentar(er)
