Mythbusters beat the finger print security system
youtube.com — How to beat the finger print security system, the Mythbusters way
- 2684 diggs
- mdman, on 10/12/2007, -2/+37Just shows you how secure those locks really are!
- gcnaddict, on 10/12/2007, -21/+8Pwnt.
- Monolith2, on 10/12/2007, -1/+24Yeah, I'm sure heads are rolling at that lock company.
- AriaStar, on 10/12/2007, -0/+2And now we all know how to pull off a heist.
- ccanni1028, on 10/12/2007, -1/+1Oh please, KRose did this on The Screen Savers a few years back when those types of locks first came out along with the ones for computers.
- JQP123, on 10/12/2007, -0/+3"Just shows you how secure those locks really are!"
Not really. Just like with an ordinary hardware lock, you have to obtain and copy someone's key. This may not be so easy. Also, they just kinda breeze past the fact that this particular lock also has a keypad for PIN code entry.
Imagine an episode where the "mythbusters" carry a hardware key down to Home Depot or Ace Hardware and get a copy made. Would you be equally impressed with "how (in)secure these locks are"?
- theBrink, on 10/12/2007, -0/+1heads rolling? doubt it, the best thing in being a security company is devising a product everyone thinks is unbeatable, they've probably already sold hundreds of those locks. OMG it's fingerprints - unbeatable!
They tried busting a PC biometric device too I guess? anyone see that ep to say if they were successful?
- JQP123, on 10/12/2007, -2/+4If you think about it, this is not very realistic. They cheated quite a bit with lots of help and "inside" knowledge.
1) They knew whose fingerprints were stored in the lock.
2) They knew which finger was used as the key.
3) They probably had the person's help in placing/obtaining a good copy of the target fingerprint.
4) They had the PIN code associated with the fingerprint. They just gloss over this and don't really mention it except for a brief second in the video you can see someone entering a PIN code on the lock keypad.
5) They were in no danger of being caught either in efforts to obtain the fingerprint or to break the lock.
Remove any one of these and the test becomes quite a bit more difficult. Remove all of them and they would probably still be working on it. Any lock can be beaten, with enough inside knowledge and effort.
- flizzoyd, on 10/13/2007, -2/+41That's why a fingerprint or smart-card lock should be accompanied by a pin-number lock for a second level of security.
- darkfish, on 10/12/2007, -1/+5Well, on the surface that sounds good. However, this article points to real-life failures of fingerprint + PIN reader used in prison. This is unfortunately not isolated, and I'm sure the manufacturers don't want to publicize these.
http://www.schneier.com/blog/archives/2005/09/fingerprint-loc.html
- Cbeck527, on 10/12/2007, -9/+31pin-number, is that like personal identification number number?
- TheRandomShow, on 10/12/2007, -3/+5Impressive...the other alarms they beat in this episode were equally amazing.
- Kamakazi15, on 10/12/2007, -1/+11I remember that episode. I was actually shocked that they did it. It's actually kind of sad that it can be beat pretty easily.
- adraft, on 10/12/2007, -21/+41See, this is the kind of YouTube link that should make the front page. I remember a time when useful links made the front page, not just "The is the Best Commercial LOL" or "Wow this kid can really drum." This video is very relevant to technology, but as for all of the other stuff on YouTube that has been making the front page, that should be left for people to find on their own.
- Nothlit, on 10/12/2007, -13/+31Newsflash: digg is not just a tech site anymore.
- burke, on 10/12/2007, -22/+5Here's a suggestion though:
A group of us users could pool our efforts and make a new Digg just for tech content, the way it used to be. I've tossed the idea around before, but I don't want to do it by myself ;)
Then again, there's the whole thing about it not being profitable and incurring huge bandwidth bills....
- Ironman11, on 10/12/2007, -1/+29Burke - Or you could just set up your Digg to only view the technology topics. It'd be a tiny bit easier.
- chembro84, on 10/12/2007, -11/+3Or a bunch of people could befriend an account which is specifically meant to digg stories that "shouldn't" be on the front page, we then could mark every story which has been dugg by this account "lame" and get it buried.
- Odweaver, on 10/12/2007, -5/+2I think the idea of key and a combination lock would be more secure.
- TomP, on 10/12/2007, -3/+18not when they can be bumped
- chembro84, on 10/12/2007, -5/+2Retina scan FTW
- montagg, on 10/12/2007, -1/+11Biometrics = the worst security ever.
At some point, whatever it is becomes a stream of bits, i.e. digital, i.e. infinitely reproducible. It's not like you can change your password. When your fingerprint gets compromised, you can't get a new thumb.
- zybch, on 10/12/2007, -4/+3You can't???
- JQP123, on 10/12/2007, -1/+1"When your fingerprint gets compromised, you can't get a new thumb."
You can use a different finger, most people have 10 to choose from. Also, you can change the PIN number that is associated with your fingerprint (2 factor authentication).
- Morphinity, on 10/12/2007, -2/+4I remember it too. I was absolutely amazed at how they did it. And they did it legitimately, too.
- spencejenkins, on 10/12/2007, -12/+2I saw this episode recently and thought that it would be a great security feature (even though it's now possible to by-pass it) because most average people don't have the resources that the Mythbusters have.
- interiot, on 10/13/2007, -2/+40Most people don't have... a black and white printer?
- schadenfreude56, on 10/12/2007, -2/+7I'm not so sure. I don't think MythBusters is one of few with a copy machine.
- mattyice11, on 10/12/2007, -1/+16Most people don't want to break into fingerprint protected rooms either. Those who do are somewhat likely to try these methods.
- comrademikhail, on 10/12/2007, -6/+3Except for the, you know, photo-copied fingerprint. All the person would need is enough time and to know the person with clearance enough to get a fingerprint.
- Nathan07, on 10/12/2007, -3/+2Your logic is falty. Most people don't want to break into secured rooms. The people that do can certainly do any of the things that the mythbusters did.
- popltree2, on 10/12/2007, -4/+1@Nathan07
And your spelling is faulty.
- SampMan87, on 10/12/2007, -0/+0Security will always be an issue. For every method of locking something down, there are probably ten other ways to crack it. It's true that not a lot of people want to break into your stuff and get it, but those that do are probably experienced in the field and wouldn't have any trouble at all. Security is also an issue for Corporations. But with most things, the most effective way to establish security is in human means. How many people would try to break into a building with armed guards floating around? They don't even have to be armed.
- JayoxD, on 10/12/2007, -2/+23Or the manufacturer just lied?
- interiot, on 10/12/2007, -2/+9Or the whole industry lies, so most companies don't feel like they risk much by lying. Most of my profs at school thought poorly of most of the biometrics industry as it currently stands.
- skoles, on 10/12/2007, -2/+11The manufacturer shipped it out w/out ever testing it against such measures. Thus it could say that it was never cracked.
- montagg, on 10/12/2007, -0/+1The only real test of security is time.
- yossarian24, on 10/12/2007, -3/+7The black and white printer one was obscene...that had to have been a fluke, there's no way the manufacturer didn't test that one before they released the product
- chembro84, on 10/12/2007, -0/+7There definitely is, just like a previous commenter said, if you didn't test for it, then the lock hasn't been defeated by that method (at least in Manf, tests), and you can claim "It's never been beat"
- nofxjunkee, on 10/12/2007, -4/+4Actually it sounds so absurd they could have easily just dismissed the idea.
Also, they're lying bastards.
- omega1045, on 10/13/2007, -1/+37Good security requires two or three of the following:
1) Something you have (car, key, etc).
2) Something you are (biometrics).
3) Something you know (PIN, password, etc).
You should not rely on just one of these for really serious security.
- paradoxy, on 10/12/2007, -3/+8keys can be copied, biometrics was just broken by the mythbusters, and passwords can be hacked. i think effectively, there is no such thing as privacy anymore, it's just a question of when and who.
- ptrcd003, on 10/12/2007, -8/+2You, sir, are a liar!
- adriand, on 10/12/2007, -0/+2um, that's what the finger print locks are! print = something you are, and code = something you know... didn't you notice the keypad? I don't think it was for dialing 411.
the only truly reliable security is a guy at the door who knows who you are.. and even that can be bypassed with corruption.
- farrellj, on 10/12/2007, -0/+1Multi-factor authentication is not easy...but it's not that hard, either. Beating it can also be easy. As we have seen elsewhere, RFID tags can be cloned, key locks can be quickly defeated with a "bump key", and fingerprint scanners are totally bogus.
On the other hand, technologies based upon public key encryption, coupled with something like the ACE server, which depends on a key fob and synchronized random number generators can be as secure as you are going to get and still have some degree of ease of access.
ttyl
Farrell
- JPDyno, on 10/12/2007, -5/+0that's pretty cool.
what series was this in? I've never seen that episode.
though i stopped watching mythbusters because the last series on tv that i saw here was just a series of 'bestofs' and 'try this again' episodes
- zybch, on 10/12/2007, -2/+1Yeah. I hate those god damned clip shows.
But at least the Mythbusters ones are at least watchable unlike the clip shows from the Simpsons.
- dinobot, on 10/12/2007, -7/+2That's great! Now I can break into the White House's.... dog house~!
- SIGINT, on 10/12/2007, -1/+7Oh my god.
I used to work for this solutions provider company that sells these biometric solutions (time and attendance/security locks) and we have tried our best to trick the system, and as part of our sales pitch, we told the clients that it's unbreakable, can't be cheated with a simple photocopied thumb print, its high resolution scanner was effective in detecting a good finger print from the bad, and various other pitches.
Hell we even got false negatives when the real person tried to log in and we had to increase the resolution for her specific fingerprint.
This is kinda scary.
- cannibaljp, on 10/12/2007, -6/+2the mythbuster guys rule. now those are great jobs!
- AZNL473ncy, on 10/12/2007, -0/+3I'd like to see them beat an iris scan (not that it's impossible mind you).
- paradoxy, on 10/12/2007, -1/+3they'll prolly just make an eyeball outta ballistics gel or something....somebody should suggest it to them
- darkfish, on 10/12/2007, -2/+3Over-reliance on biometrics, that's the real issue, not the fact that simple fingerprint readers fail.
I stopped using the fingerprint reader on my ThinkPad after playing with it for a while, and disabled the reader entirely. See my earlier post for the link on a real-life failure in use at a prison. So much for the hi-tech approach.
Bruce Schneier is a well-known expert in the security field. His views on biometrics going back some years are pretty interesting to read. Check out his essays on this and security in general.
Here: http://www.schneier.com/index.html
- zybch, on 10/12/2007, -0/+2The readers where you have to actually pass your thumb/finger over a slit-reader would probably be harder to beat.
The one shown in the video can actually just be tricked with a water filled condom and some gentle pressure. The oils etc in the real finger print are left on the scanner, which, when the condom is gently pressed against it, are enough to trick many scanners.
- darkfish, on 10/12/2007, -0/+0Agreed. However, the very fact that the so-called "slit" readers are harder to beat also means they have a hard time getting a good reading in the first place. I can only speak about the kind that comes with certain ThinkPad models. If your finger is too dry or too moist, it would not read. This kind of knocks it out for serious industrial-strength use.
- kingygk, on 10/12/2007, -1/+5Kevin Rose did this as a dark tip on the Screen Savers. He used gummy bears and melted them with a blow torch and lifted off the print from the finger print reader. It was really cool.
- DigeratiPrime, on 10/12/2007, -6/+14not arguing but this is not really news. MacGyver did this back in the season 2 episode 1 and a few months ago on slashdot there was an article about how play-doh molds were 90% effective against these scanners.
http://it.slashdot.org/article.pl?sid=05/12/12/0557249&from=rss
please don't digg me down for just referencing Slashdot
- tagawa, on 10/12/2007, -8/+4Nope, I'm digging you down for referencing MacGyver.
- franksmith, on 10/12/2007, -1/+1Gee... I guess the manufacturer needs to be beat down in the press and society like MS gets all the time. I mean it's not the thieves' fault for always finding a way to beat something right? There must be something out there that is completely perfect that CANNOT be beat right?
Yeah.... right
I don't care what it is or who builds it... someone is going to crack it.
(and it's always fun when it is Mythbusters!)
- zbeast, on 10/12/2007, -0/+2The thumb print scanners have been done to death.
I was more impressed with their defeat of the Ultra sonic and infrared motion detectors.
Oh and the secret missing step they didn't put in their video on how to defeat the thumb print scanners.
You need to invert the light and dark part of your thumb print following their method.
- smokester, on 10/12/2007, -1/+2The most effective way to defeat the ultra-sonic sensor was brilliant :)
*tries not to ruin it for those who haven't seen the episode*
- sparkrainfir, on 10/12/2007, -0/+1how many people have access to a copy of someones fingerprint though?
maybe i'm missing something here.
- zybch, on 10/12/2007, -0/+1Not exactly difficult to obtain though. Just asking the target to hold a shiny object for you (while pretending to fumble for keys or something) would be more than enough.
- CoolWind, on 10/12/2007, -0/+1How many people have easy access to their "target" victim? And if you do, you have to get them to do something which then blows your cover. Then you also have to get the pin code for the lock. Yeah right. Get real.
- doughboy334, on 10/12/2007, -0/+0can't believe the photocopy print worked. gg mythbusters
- BlackLineFish, on 10/12/2007, -0/+1I lost my faith in security systems when I watched Vin Diesel do the Peter Panda Dance...
--gh
P.S. I sometimes have problems figuring out the letters to the security code needed to post!
- drfranktm, on 10/12/2007, -0/+0Sadly, you're not alone. Sometimes I have no clue whether a character is a "b" or a "6" or if it's capitalized or not. Are bots that smart that digg needs to make these unreadable to humans too?
- tektalk, on 10/12/2007, -0/+0i saw this episode and it was cool
they beat a:
thermal sensor alarm
sonic sensor alarm
fingerprint scanner
and a vibration sensitive safe( they blew it up)
- Caboose101, on 10/12/2007, -0/+1all you need to make the equivalent of a bump key for a fingerprint lock is a black and white copier ?.... wow, technology isn't really making locks any safer.
- glock22ownr, on 10/12/2007, -1/+1SOMEONE CALL THE PR DEPARTMENT QUICK!!! DAMAGE CONTROL PEOPLE!! DAMAGE CONTROL!!!
- zorroAstro, on 10/12/2007, -0/+0p0wn3d!!!!!!
- mr_cheese28, on 10/12/2007, -0/+2mythbusters is now one of the few shows that I watch on TV, with stuff like this the show keeps now getting better and better.
- grumpyrain, on 10/12/2007, -0/+1Security is relative, and all systems can be compromised with enough time and will power. I have not seen the episode, just the clip from youtube, but most of the biometric devices I have used have various thresholds, from a really poor anything vaguely resembling the shape of a print is fine to an ultra high threshold which I have yet to beat in our lab. It is much easier to compromise a conventional lock than a biometric lock, it is much easier to lose a set of keys / smart card than a finger / eye. No serious security setup would rely only on biometric based security (or at least the biometric based security of a single individual).
- noouch, on 10/12/2007, -0/+1The Chaos Computer Club did a proof of concept for this years ago...
- noouch, on 10/12/2007, -0/+1link for anyone who's interested (edit expired before I found the page)
http://www.ccc.de/biometrie/fingerabdruck_kopieren?language=en
- thekronz, on 10/12/2007, -0/+0I think the thing that blew my mind is that a piece of paper got by the system.
Using that and a bump key you could rob the U.S. in a month.
- theonesteve, on 10/12/2007, -0/+0As some others mentioned, multifactor security is really the best way to go. If your facility is important enough to warrant fingerprint scanners, having the three basics covered (something you have, something you know, and something you are) should be backed up by human guards and there should be multiple levels of security to get through before even seeing the fingerprint scanner. For example, visitors would first have to get through a guarded lobby, through a well-traveled series of hallways, up some floors, and finally past another guard near the protected room.
Regardless of the level of security, though, the protectors are more likely to make a mistake than the thief. The thief can wait forever, but corporate moneyholders get tired of paying for security that doesn't appear to be needed.
- bluedepth, on 10/12/2007, -0/+1How about a modification to that door lock assembly? PIN, wrong fingerprint, then route wall current through door lock while contact is made. The dead body will be enough to serve as a deterrent to further incursions until someone comes by to collect the remains. :) Better get that PIN and fingerprint dead on, no second chances. :)
- wpcolonel, on 10/12/2007, -0/+0that piece of paper that has the photo copy of fingerprint shouldn't be able to crack the lock. If that works then basically it doesn't take a professional to break into lock like that. Even a kid who knows how to use a printer can do it.
- fatcat4009, on 10/12/2007, -0/+0Short of someone cutting off your finger I really wouldn't worry about fingerprint locks being broken. Just like many of the myths that the Mythbusters test, this test proved that it might be possible given perfect conditions including having a quality print and the pin number. I have worked with a biometric product for almost two years and I definitely think that the ease of use and quality of security far outweigh the chances of getting past a scanner. If you couple that with two (or more) factor authentication you will have one of the best security solutions on the market. I find most Discovery Channel shows to be TV and entertainment first and actual science last.
- BenGriffiths, on 10/12/2007, -0/+0HA HA HA, it will never be safe, there will always be a way until they test the blood and finger print and eye and everything
- johnlark, on 10/12/2007, -0/+1Did anyone notice the ads by google, the smaller box in the upper right, it's promoting a biometrics safe company. I bet they got tons of useless clicks, poor people.
- SniperXPX, on 10/12/2007, -0/+1Mythbusters is awesome, they bust everything.