Beat-Fingerprint-Security-By-Cutting-Off-Finger Trick No Longer Viable, Thanks To Sony

from the important-research dept

It's becoming less unusual for devices like laptops, and even mobile phones, to feature fingerprint scanners for secure access. The idea is that only the owner's fingerprint can unlock the device, so if it's stolen, it will be useless to a thief. This tends to help with most of your garden-variety theft, but as anybody who's watched a few action movies knows, fingerprint-based systems don't pose a problem for the really motivated thief, who can simply cut off their victim's finger and use it to access the device or secret lair or whatever. Cue some researchers from Sony, who will have screenwriters scrambling for a rewrite: they've come up with a system doesn't use fingerprints, but rather an image of the capillaries (via Network Computing) beneath the skin of a person's finger. The pattern in the image can only be captured when blood is pumping through the finger in question, so severing it from the rest of the victim would render it useless. Of course, this does little to stop thieves from beating their victims senseless, or otherwise "motivating" them to unlock the system with their finger, but hey, at least they get to keep their digits.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: fingerprint


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    dffd, 15 Jun 2007 @ 6:34pm

    how did they test it

    who was the lucky winner to test to make sure a cut off finger really didnt work?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Jun 2007 @ 6:39pm

    Flaws

    I can see a few flaws with this idea:

    First, according to the patent, Sony assumes that the finger capillaries would loose their blood and deflate if the finger were severed. It would seem that all the finger thief would have to do would be to simply first apply a tourniquet to the finger before severing it to prevent this.

    Second, capillaries are easily damaged. Any kind of bruising or clotting, even on a microscopic level, would seem likely to cause authentication failure.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Jun 2007 @ 7:04pm

      Re: Flaws

      As a self proclaimed clutz a simple mistake of slamming a finger in a door would keep me from unlocking said door or laptop with sort of security measure.

      link to this | view in chronology ]

  • identicon
    duane, 15 Jun 2007 @ 6:46pm

    I wasn't aware

    that there was a rash of people stealing laptops and then cutting of people's fingers to get access to them. Good to see that people are up on these major security problems.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 15 Jun 2007 @ 7:23pm

      Re: I wasn't aware

      that there was a rash of people stealing laptops and then cutting of people's fingers to get access to them. Good to see that people are up on these major security problems.
      Apparently the problem of severed fingers is actually big enough to be included in Sony's patent application.

      link to this | view in chronology ]

  • identicon
    Jolie, 15 Jun 2007 @ 7:09pm

    Ur Grammer

    Here's a visit from the grammar police.

    Less unusual? How about more common?

    link to this | view in chronology ]

    • identicon
      Emily, 16 Jun 2007 @ 9:53am

      Re: Ur Grammer

      'Less unusual' would be perfectly acceptable here, especially considering that the emphasis was meant to be placed on the unusualness of the device. Such emphasis would have been lost had the writer used the tired old cliché you suggested.

      link to this | view in chronology ]

    • identicon
      Dave, 17 Jun 2007 @ 3:14pm

      Re: Ur Grammer

      How about spelling grammar correct? Hmm?

      link to this | view in chronology ]

  • identicon
    Eric Williams, 15 Jun 2007 @ 7:11pm

    Bypass System

    I always thought the security hole in these devices were complete workarounds, isolating and removing the device from the security system, or possibly even duplicating fingerprints (easy enough)... not actually severing the finger James Bond style...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Jun 2007 @ 7:32pm

    Wouldn't a change in blood pressure cause a false negative?

    link to this | view in chronology ]

  • identicon
    Urban Legend, 15 Jun 2007 @ 8:10pm

    Yes, I'm sure all the folks who have suffered from SDS (severed digit syndrome) so that someone can get a peek at the goodies on their laptop are friends of (or a cousin of a friend) who woke up in a bathtub of ice with a missing kidney.

    There's nothing like creating a problem where none exists.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Jun 2007 @ 8:27pm

    According to mythbusters :) a simple photocopy fooled the current most "advanced" system. Sony's claims are one thing - I'd like to see proof it can't be foold

    link to this | view in chronology ]

    • identicon
      Nobody, 29 Oct 2008 @ 3:02pm

      Re:

      I figured that this was the reason they changed the design of the scanner. Fingerprint scanners are apparently really easy to beat.

      link to this | view in chronology ]

  • identicon
    Erv Server, 15 Jun 2007 @ 9:38pm

    fail

    I'm on Viagra so my capillaries are running like a flooded river

    link to this | view in chronology ]

  • identicon
    James Last, 15 Jun 2007 @ 11:59pm

    Toes

    I use my toe. When thieves steal my laptop, I give them the finger!

    link to this | view in chronology ]

  • identicon
    Jess, 16 Jun 2007 @ 12:51am

    This is a old idea I believe.

    link to this | view in chronology ]

  • identicon
    bob, 16 Jun 2007 @ 4:40am

    Authentec, a major chip maker in this space, has had similar technology for years. This is not news. Their chips read below skin level and sense the difference between a live finger and one the does not have warm blood surging though it.

    If a thief is that desperate i am sure they will do what they currently do at ATM's and just hold a gun to your head and make you access the device for them.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Jun 2007 @ 4:59am

    Umm don't be too impressed just yet.

    Mythbusters successfully bypassed just about every current fingerprint technology less than a year ago.

    Even to the point that making a photo copy of a finger print and holding it to the scanner worked.

    Read more here:
    http://www.no2id.net/news/newsblog/?p=457

    And watch the clip here:
    http://www.youtube.com/results?search_query=myth+busters+fingerprint&search=

    Dont' believe everything a marketing company tells you, especially if it's coming out of Sony's arsehole.

    link to this | view in chronology ]

  • identicon
    Overcast, 16 Jun 2007 @ 5:59am

    I guess it's still nothing a gun to the head won't remedy, huh?

    Or just take out the Hard Disk and put it in another system, lol

    link to this | view in chronology ]

    • identicon
      GoblinJuice, 16 Jun 2007 @ 8:50am

      Re:

      That's exactly what I was thinking. :-P

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Jun 2007 @ 2:38pm

      Re:

      Or just take out the Hard Disk and put it in another system, lol
      That won't help much with an encrypted disk.

      link to this | view in chronology ]

  • identicon
    TriZz, 16 Jun 2007 @ 7:10am

    There's an easier way...

    ...there's a slight pulse in your fingertips, it seems that a reader that also measured IF there is a pulse would be an simpler solution.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Jun 2007 @ 2:43pm

      Re: There's an easier way...

      there's a slight pulse in your fingertips, it seems that a reader that also measured IF there is a pulse would be an simpler solution.
      OK then, apply a tourniquet to the finger before severing it and then gently squeeze the finger to simulate a pulse when using it.

      link to this | view in chronology ]

  • identicon
    Phlatus the Elder, 16 Jun 2007 @ 10:37am

    Hack & counterhack

    When bank vaults came into vogue, the crims started kidnapping bank managers, forcing them to open the vaults at gunpoint. This led to the invention of the time lock. Same plot, different setting. The pattern will continue to repeat.

    link to this | view in chronology ]

  • identicon
    John, 16 Jun 2007 @ 5:40pm

    Old News

    Seems to me I read an article five or six years ago in Network Computing where they tested 6 fingerprint scanners and wanted to see how secure they were. I think they beat 4 of the 6 by using printer toner and tape to lift a fingerprint off of a table and used that on the fingerprint scanner. No severing of fingers required. The 2 which were not defeated had a pulse detector.

    link to this | view in chronology ]

  • icon
    Quantum John (profile), 16 Jun 2007 @ 7:34pm

    Cheap vs High Quality

    The just-cut-the-finger-off in movies, and the photocopies would only work for the cheap systems that only scan the fingerprint. They've had systems for years that measure galvanic activity to ensure that the fingerprint is coming from a live finger. So your laptop might have the cheap reader, but it won't work at high-security facilities.

    link to this | view in chronology ]

  • identicon
    Kyros, 16 Jun 2007 @ 9:39pm

    Yeah, Gun to the head, works every time.

    link to this | view in chronology ]

  • identicon
    Paul`, 16 Jun 2007 @ 11:51pm

    Mythbusters...

    Mythbusters showed a photocopy, let alone a balistic gel copy, of a finger print fools most systems. And those that sense for heat and moisture to see if its a real living digit were fooled by licking the photocopy/copy in question.

    link to this | view in chronology ]

  • identicon
    Woot, 18 Jun 2007 @ 12:20am

    1 Laptop with fingerprint reader.. $2500
    1 Knife.. $5
    1 Unsuspecting pedestrian with said laptop.. $-2500
    1 Severed finger to unlock the laptop.. $messy

    Not knowing how to reformat a computer and using a severed finger to unlock a stolen laptop..... Priceless

    There are some thieves that use severed fingers to unlock laptops..... For everyone else, there's General Computing Knowledge



    (General Computing Knowledge would like to remind you that there are not actually any thieves who use stolen fingers to unlock laptops .. GCK .. Don't be a noob)

    link to this | view in chronology ]

    • identicon
      Nasty Old Geezer, 18 Jun 2007 @ 6:31am

      Re:

      Depends on what the thief is after: data, or hardware. THe brute force types are likley to be after the hardware for resale, don't really care if it doesn't work.

      The data theives will just trick the victim into telling all, either a Trojan or simple social engineering.

      Besides, I wouldn't buy anything from Sony. Ever.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Jun 2007 @ 7:08am

    From Sony...

    if its a laptop from Sony then it probably has a rootkit installed that would allow for data theives to get to you data through other means. And like Nasty Old Geezer said the ones that are looking to resale the hardware don't care it the hard disk is encrypted.

    link to this | view in chronology ]

  • identicon
    Cyber Akuma, 18 Jun 2007 @ 7:51am

    So, what happens if you accidently one day hit your finger against a hard surface, get it caught in a drawer as you was closing it, or get a paper cut?

    Im sure everyone here has suffered stuff like this to their index fingers a few times by now in their lives, wouldent this burst some capillaries?

    link to this | view in chronology ]

  • identicon
    Jeff Mayer, 2 Nov 2008 @ 2:36pm

    Done Already

    A company called PosID has been working on this technology since 2000. An engineer who was working on an infrared missile seeker held his hand in front of the sensor and saw the capillary pattern.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Nov 2008 @ 1:27pm

    no help what so ever

    link to this | view in chronology ]

  • identicon
    Cody, 26 Sep 2009 @ 12:57am

    lame

    lame post X_X

    link to this | view in chronology ]

  • identicon
    HahahaComedy, 18 Dec 2009 @ 1:30pm

    Genius

    I love it how when there's a post about new technology, people immediately think they are smarter than the company who developed the technology. As if your 5 seconds of brainstorming after reading the article resulted in a major design flaw the company, which spent millions in R&D, somehow overlooked. If only they talked to you first, they would have saved themselves the embarrassment of releasing such an elementary and obviously poorly planned product.

    It's like when they came out with those LED traffic lights, everyone was like, "What happens in the winter? The lights won't generate enough heat to melt the snow, and people will get into accidents because they won't be able to see the signals."

    Seriously, did you really think they didn't think of that beforehand?

    Wait... what is it? They didn't? Oh... nevermind.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.