0sec06 - 1.0
0sec 2006
a private security event for friends
| Speakers | |
|---|---|
|
starbug |
| Schedule | |
|---|---|
| Day | 2 |
| Room | Talk |
| Start time | 16:00 |
| Duration | 01:00 |
| Info | |
| ID | 10 |
| Type | Lecture |
| Track | Talks |
| Language | English |
Hacking fingerprint recognition systems
Today biometric systems are becoming mainstream. They can be found everywhere. In mobile phones, computers, entrance systems even in ATMs. Because of the low costs, small sizes and the alleged maturity mostly fingerprint sensors are used. But contrary to the assurance of the manufacturers they are still very easy to hack with techniques invented three years ago (see http://www.ccc.de/biometrie/fingerabdruck_kopieren).
The capacitive sensors built into the new generation of Thinkpad computer from IBM / Lenovo were one of the first implementing countermeasures against this type of dummies. But counter measures only lead to new types of dummies!
Using this fingerprint system as an Example I want to explain the different techniques of hacking biometric systems, from the attack on the communication and the stored reference data to the direct hack of the sensor itself. The talk will present tools and ways to extract communication data to enhance dummy materials and a step by step approach to the final dummy finger that will defeat the sensor.