10% Chance of spoofing Biometric security: that's the dream

LinuxElectrons - Engineer Outwits Fingerprint Recognition Devices with Play-Doh:

Fingerprint scanning devices often use basic technology, such as an optical camera that take pictures of fingerprints which are then “read” by a computer. In order to assess how vulnerable the scanners are to spoofing, Schuckers and her research team made casts from live fingers using dental materials and used Play-Doh to create molds. They also assembled a collection of cadaver fingers.

Clarkson University Associate Professor of Electrical and Computer Engineering Stephanie C. Schuckers, with imitation fingers. Simple casts made from a mold and material such as Play-doh, clay or gelatin can be used to fool most fingerprint recognition devices. Schuckers, an expert in biometrics, the science of using biological properties, such as fingerprints or voice recognition, to identify individuals, is a partner in a $3.1 million interdisciplinary biometrics research project funded by the National Science Foundation with support from the Department of Homeland Security.
In the laboratory, the researchers then systematically tested more than 60 of the faked samples. The results were a 90 percent false verification rate.

“The machines could not distinguish between a live sample and a fake one,” Schuckers explained. “Since liveness detection is based on the recognition of physiological activities as signs of life, we hypothesized that fingerprint images from live fingers would show a specific changing moisture pattern due to perspiration but cadaver and spoof fingerprint images would not.”

In live fingers, perspiration starts around the pore, and spreads along the ridges, creating a distinct signature of the process. Schuckers and her research team designed a computer algorithm that would detect this pattern when reading a fingerprint image. With the new detection system integrated into the device, less than 10 percent of the spoofed samples were able to fool the machine.

So lemme get this straight:

• If you use a fingerprint recognition system, there's a 90% chance that someone can spoof it with Play-doh.
• These systems are touted as being secure
• Even if this new system is totally effective, the chance of being spoofed is still 1 in 10.

Spot the thief who wouldn't swife or push something a mere ten times if it meant totally busting your Banke Account or maquerading as you at the supermarket. Considering the rate at which the relatively trivial bar code reader fails at the supermarket and requires re-swiping, I'm quite sure that a potential thief will not get a second glance if he looks the part.

And looking the part is what they've been practicing at for decades. This system is screwed.