Aussie kids foil finger scanner with Gummi Bears

mask.of.sanity writes: An Australian high school has installed "secure" fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance.

The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatine, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatine has virtually the same capacitance as a finger's skin.

A litany of fingerprint scanners have fallen victim to bypass methods, many of which are explained publicly in detail on the internet.

  • * It costs more since you have to buy a new system and probably sign a support contract
    * It ties up personnel with deployment
    * It doesn't work any better than the old system
    * It raises significant privacy issues not present in the old system
    * It raises huge data security and disposal issues not present in the old system
    * Adding a new student is more invasive and time consuming than in the old system
    * The method can track an arbitrarily large set of individuals...but it can only distinguish a few hundr

  • nothing like a thinking kid armed with 2 cents of sugar and jello.
  • so they missed the VERY OLD Gummi Bear attack
    it is not like the info on this has not been around for a long time .
    Oh wait IT HAS been around for a very long time !!!
    and IS a known vector of attack .

  • No where in any article does it actually say that students have succeed in doing it.

