Thursday, October 27, 2011

Gummy Bears as Hacking Material

Last night, we caught the pilot episode of Covert Affairs, which contained an odd little scene where the main character defeated a fingerprint scanner with a Listerine strip (how MacGyver'ish -- right?). I was curious if the maneuver was totally Hollywood or if there was indeed anything behind the technique. Turns out, it may have been the most realistic part of the show.

Mythbusters showed that you can defeat at least one type of fingerprint scanner using a photo copy as well as a couple of other approaches.

But even better was the hacker who came up with this recipe:

Japanese cryptographer Tsutomu Matsumoto used gelatin, the ingredient in Gummi Bears, to forge a replica finger that fooled 11 fingerprint scanners during tests in 2002. Gelatine has virtually the same capacitance as a finger's skin, meaning it can fool scanners designed to detect electrical charges within the human body.

"Simply form the clear gelatine finger over your own [which] lets you hide it as you press your own finger onto the sensor. After [the reader] lets you in, eat the evidence," BT chief technology officer Bruce Schneier said of the so-called Gummi Bear attack.

Ahhh, Gummy Bears - delicious and hackable.

For a show that was nearly all fluff and make believe, it was actually a clever little hack.

No comments:

Post a Comment