Biometric Security Devices Still Balky
Dec. 29 -- One of the most common causes of network security breaches is easily guessable or insecure passwords.
Many users choose common names or words that are in any dictionary; others use the same passwords everywhere or write them down where they can be discovered. Wouldn't it be great if you never had to remember another password?
This is one of the claimed benefits of biometrics — technologies that let machines recognize you via one or more physical features. Devices are now available that can examine users' fingerprints, facial features, and irises; some even attempt to identify individuals by examining their gaits as they walk.
The good news is that such devices are coming down in price; some, like the fingerprint recognition devices built into some mice and keyboards, are easily affordable for average consumers. The bad news is that, as with all new technologies, many of the current biometric systems are not quite ready for prime time.
Spoofing the Systems
A recent article on PC Magazine's sister site, ExtremeTech (www.extremetech.com), describes ways in which its authors were able to spoof a wide variety of systems. They foiled some face recognition systems — which try to match facial features such as the distance between one's eyes and the sizes of one's nose and mouth — with still photographs; the authors likewise fooled iris sensors by placing a still photo over a different person's eye.
Fingerprint sensors are equally easy prey. For ExtremeTech authors, fooling these devices was sometimes as simple as breathing on the sensor, making a previous user's latent fingerprint visible.
Most second-generation systems now under development attempt to overcome such tricks by trying to ensure that what they are seeing is really a live person (or part of one).
For example, some facial recognition systems now check to see whether the subject blinks now and then, or whether his pupils contract in response to bright light. Newer fingerprint recognition systems may try to detect the capacitance of the human body.