digg

Facebook Connect Join Digg About

Mythbusters beat the finger print security system

youtube.com How to beat the finger print security system, the Mythbusters way

Who dugg this? Made popular Sep 18, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

83 Comments

show profanity settings
expand all
  • flizzoyd, on 10/13/2007, -2/+42That's why a fingerprint or smart-card lock should be accompanied by a pin-number lock for a second level of security.
  • interiot, on 10/13/2007, -2/+41Most people don't have... a black and white printer?
  • omega1045, on 10/13/2007, -1/+37Good security requires two or three of the following:

    1) Something you have (car, key, etc).
    2) Something you are (biometrics).
    3) Something you know (PIN, password, etc).

    You should not rely on just one of these for really serious security.
  • mdman, on 10/12/2007, -2/+37Just shows you how secure those locks really are!
  • Ironman11, on 10/12/2007, -1/+29Burke - Or you could just set up your Digg to only view the technology topics. It'd be a tiny bit easier.
  • inactive, on 10/12/2007, -1/+24Yeah, im sure heads are rolling at that lock company.
  • Cbeck527, on 10/12/2007, -9/+31pin-number, is that like personal identification number number?
  • JayoxD, on 10/12/2007, -2/+23Or the manufacture just lied?
  • adraft, on 10/12/2007, -21/+41See, this is the kind of YouTube link that should make the front page. I remember a time when usefull links made the front page, not just "The is the Best Commercial LOL" or "Wow this kid can really drum." This video is very relevant to technology, but as for all of the other stuff on YouTube that has been making the front page, that should be left for people to find on their own.
  • Nothlit, on 10/12/2007, -13/+31Newsflash: digg is not just a tech site anymore.
  • mattyice11, on 10/12/2007, -1/+16Most people don't want to break into fingerprint protected rooms either. Those who do are somewhat likely to try these methods.
  • TomP, on 10/12/2007, -3/+18not when they can be bumped
  • Kamakazi15, on 10/12/2007, -1/+11I remember that episode. I was actually shocked that they did it. Its actually kind of sad that it can be beat pretty easily.
  • montagg, on 10/12/2007, -1/+11Biometrics = the worst security ever.

    At some point, whatever it is becomes a stream of bits, i.e. digital, i.e. infinitely reproduceable. It's not like you can change your password. When your fingerprint gets compromised, you can't get a new thumb.
  • skoles, on 10/12/2007, -2/+11The manufactuer shipped it out w/out ever testing it against such measures. Thus it could say that it was never cracked.
  • DigeratiPrime, on 10/12/2007, -6/+14not arguing but this is not really news. MacGyver did this back in the season 2 episode 1 and a few months ago on slashdot there was an article about how play-doh molds were 90% effective against these scanners.
    http://it.slashdot.org/article.pl?sid=05/12/12/0557249&from=rss

    please dont digg me down for just referencing slasdot
  • interiot, on 10/12/2007, -2/+9Or the whole industry lies, so most companies don't feel like they risk much by lying. Most of my profs at school thought poorly of most of the biometrics industry as it currently stands.
  • chembro84, on 10/12/2007, -0/+7There definately is, just like a previous commenter said, if you didn't test for it, then the lock hasn't been defeated by that method (at least in Manf, tests), and you can claim "It's never been beat"
  • SIGINT, on 10/12/2007, -1/+7Oh my god.

    I used to work for this solutions provider company that sells these biometric solutions (time and attendance/security locks) and we have tried our best to trick the system, and as part of our sales pitch, we told the clients that it's unbreakable, can't be cheated with a simple photocopied thumb print, it's high resolution scanner was effective in detecting a good finger print from the bad, and various other pitches.

    Hell we even got false negatives when the real person tried to log in and we had to increase the resolution for her specific fingerprint.

    This is kinda scary.
  • paradoxy, on 10/12/2007, -3/+8keys can be copied, biometrics was just broken by the mythbusters, and passwords can be hacked. i think effectively, there is no such thing as privacy anymore, its just a question of when and who.
  • schadenfreude56, on 10/12/2007, -2/+7I'm not so sure. I don't think MythBusters is one of few with a copy machine.
  • darkfish, on 10/12/2007, -1/+5Well, on the surface that sounds good. However, this article points to real-life failures of fingerprint + PIN reader used in prison. This is unfortunately not isolated, and I'm sure the manufacturers don't want to publicize these.

    http://www.schneier.com/blog/archives/2005/09/fingerprint-loc.html
  • yossarian24, on 10/12/2007, -3/+7The black and white printer one was obscene...that had to have been a fluke, theres no way the manufacterer didnt test that one before they released the product
  • kingygk, on 10/12/2007, -1/+5Kevin Rose did this as a dark tip on the Screen Savers. He used gummy bears and melted them with a blow torch and lifted off the print from the finger print reader. It was really cool.
  • JQP123, on 10/12/2007, -0/+3"Just shows you how secure those locks really are!"

    Not really. Just like with an ordinary hardware lock, you have to obtain and copy someone's key. This may not be so easy. Also, they just kinda breeze past the fact that this particular lock also as a keypad for PIN code entry

    Imagine an episode where the "mythbusters" carry a hardware key down to Home Depot or Ace Hardware and get a copy made. Would you be equally impressed with "how (in)secure these locks are"?
  • AZNL473ncy, on 10/12/2007, -0/+3Id like to see them beat an iris scan (not that it's impossible mind you).
  • adriand, on 10/12/2007, -0/+2um, thats what the finger print locks are! print = something you are, and code = something you know... didn't you notice the keypad? I don't think it was for dialing 411.

    the only truely reliable security is a guy at the door who knows who you are.. and even that can be bypassed with corruption.
  • paradoxy, on 10/12/2007, -1/+3they'll prolly just make an eyeball outta ballistics gel or something....somebody should suggest it to them
  • JQP123, on 10/12/2007, -2/+4If you think about it, this is not very realistic. They cheated quite a bit with lots of help and "inside" knowledge.

    1) They knew whose fingerprints were stored in the lock.

    2) They knew which finger was used as the key.

    3) They probably had the person's help in placing/obtaining a good copy of the target fingerprint.

    4) They had the PIN code associated with the fingerprint. They just gloss over this and don't really mention it except for a brief second in the video you can see someone entering a PIN code on the lock keypad.

    5) They were in no danger of being caught either in efforts to obtain the fingerprint or to break the lock.

    Remove any one of these and the test becomes quite a bit more difficult. Remove all of them and they would probably still be working on it. Any lock can be beaten, with enough inside knowledge and effort.
  • Morphinity, on 10/12/2007, -2/+4I remember it too. I was absolutely amazed at how they did it. And they did it legitimately, too.
  • TheRandomShow, on 10/12/2007, -3/+5Impressive...the other alarms they beat in this episode were equally amazing.
  • zbeast, on 10/12/2007, -0/+2The thumb print scanners have been done to death.
    I was more impressed with there defect of the Ultra sonic and infrared motion detectors.


    Oh and the secret missing step they didn't put in there video on how to defect the thumb print scanners.
    You need to invert the light and dark part of your thumb print following there method.






  • mr_cheese28, on 10/12/2007, -0/+2mythbusters is now one of the few shows that I watch on TV, with stuff like this the show keeps now getting better and better.
  • inactive, on 10/12/2007, -0/+2The readers where you have to actually pass yout thumb/finger over a slit-reader would probably be harder to beat.
    The one shown in the video can actually just be tricked with a water filled condom and some gentle pressure. The oils etc in the real finger print are left on the scanner, which, when the condom is gently pressed agianst it, are enough to trick many scanners.
  • AriaStar, on 10/12/2007, -0/+2And now we all know how to pull off a heist.
  • noouch, on 10/12/2007, -0/+1link for anyone who's interested (edit expired before I found the page)
    http://www.ccc.de/biometrie/fingerabdruck_kopieren?language=en
  • Caboose101, on 10/12/2007, -0/+1all you need to make the equivalent of a bump key for a fingerprint lock is a black and white copier ?.... wow, technology isnt really making locks any safer.
  • BlackLineFish, on 10/12/2007, -0/+1I lost my faith in security systems when I watched Vin Diesel do the Peter Panda Dance...

    --gh

    P.S. I sometimes have problems figuring out the letters to the security code needed to post!
  • inactive, on 10/12/2007, -1/+2The most effective way to defeat the ultra-sonic sensor was brilliant :)

    *tries not to ruin it for those who haven't see the episode*
  • SniperXPX, on 10/12/2007, -0/+1Mythbusters is awesome, they bust everything.
  • montagg, on 10/12/2007, -0/+1The only real test of security is time.
  • darkfish, on 10/12/2007, -2/+3Over-reliance on biometrics, that's the real issue, not the fact that simple fingerprint readers fail.

    I stopped using the fingerprint reader on my ThinkPad after playing with it for a while, and disabled the reader entirely. See my earlier post for the link on a real-life failure in use at a prison. So much for the hi-tech approach.

    Bruce Schneier is a well-known expert in the security field. His views on biometrics going back some years is pretty interesting to read. Check out his essays on this and security in general.

    Here: http://www.schneier.com/index.html
  • CoolWind, on 10/12/2007, -0/+1How many people have easy access to their "target" victim? And if you do, you have to get them to do something which then blows your cover. Then you also have to get the pin code for the lock. Yeah right. Get real.
  • grumpyrain, on 10/12/2007, -0/+1Security is relative, and all systems can be compromised with enough time and will power. I have not seen the episode, just the clip from youtube, but most of the biometric devices I have used have various thresholds, from a really poor anything vaguely resembing the shape of a print is fine to an ultra high theshold which I have yet to beat in our lab. It is much easier to compromise a conventional lock than a biometric lock, it is much easier to lose a set of keys / smart card than a finger / eye. No serious security setup would rely only on biometric based security (or at least the biometric based security of a single individual).

  • farrellj, on 10/12/2007, -0/+1Multi-factor authentication is not easy...but it's not that hard, either. Beating it can also be easy. As we have seen elsewhere, RFID tags can be cloned, key locks can be quickly defeated with a "bump key", and fingerprint scanners are totally bogus.

    On the other hand, technologies based upon public key encryption, coupled with something liket the ACE server, which depends on a key fob and syncrhonized random number generators can be as secure as you are going to get and still have some degree of ease of access.

    ttyl
    Farrell
  • johnlark, on 10/12/2007, -0/+1Did anyone notice the ads by google, the smaller box in the upper right, it's promoting a biometrics safe company. I bet they got tons of useless clicks, poor people.
  • inactive, on 10/12/2007, -0/+1heads rolling? doubt it, the best thing in being a security company is devising a product everyone thinks is unbeatable, they've probably already sold hundreds of those locks. OMG it's fingerprints - unbeatable!

    They tried busting a PC biometric device too I guess? anyone see that ep to say if they were successful?
  • noouch, on 10/12/2007, -0/+1The Chaos Computer Club did a proof of concept for this years ago...
  • inactive, on 10/12/2007, -0/+1Not exactly difficult to obtain though. Just asking the target to hold a shiny object for you (while pretending to fumble for keys or something) would be more than enough.
  • bluedepth, on 10/12/2007, -0/+1How about a modification to that door lock assembly? PIN, wrong fingerprint, then route wall current through door lock while contact is made. The dead body will be enough to serve as a deterrent to further incursions until someone comes by to collect the remains. :) Better get that PIN and fingerprint dead on, no second chances. :)
  • Fetching more discussions...
    Show 51 - 83 of 83 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.