Biometric tokens like fingerprint readers, iris scans or facial recognition are replacing passwords in many new devices like the iPhone X. In addition to making us feel like we’re finally living in the future that science fiction promised us, this is generally a good thing for digital security. Old-school passwords have many security concerns, since a strong password is not easy for a user to create or remember. Biometric tokens are much simpler to use, and the easier an authentication method is, the more people will use it.
But, biometrics are not perfect. Our CTO Corey Nachreiner recently wrote an article for Dark Reading that outlines four different biometric authentication methods and how hackers or security researchers have beaten them. Sometimes these hacking methods require a lot of specialized equipment and time, like 3-D printing a copy of someone’s face. But some, like the example explained below, are surprisingly low-tech.
In 2002, a researcher named Tsutomu Matsumoto shared how to defeat fingerprint readers with plain old gummy bears. Matsumoto pulled prints from a glass using the same techniques as law enforcement, and then used the prints to make a finger out of the gummy materials. With a little work, many of these crafty creations tricked the fingerprint sensors.