iPhone 5S fingerprint scanner tricked by Chaos Computer Club

September 23, 2013 by lance in Biometrics, Mobile, Physical Security

The Chaos Computer Club (CCC) in Germany recently announced its successful bypassing of the new iPhone 5S fingerprint scanner.

Despite many media claims that the new scanner worked on deep layers in the skin, and was not vulnerable to simple fingerprint duplication, that is exactly what succeeded.

The CCC used a high resolution photo of a fingerprint on glass to create a latex duplicate, which unlocked the phone. It strikes me as particularly problematic that the glass surface of an iPhone is the perfect place to find really clear fingerprints of the owner.

The real FBI facial recognition project

September 11, 2012 by lance in Biometrics, FBI, News, Surveillance

The New Scientist has an article on the FBI's Next Generation Identification (NGI) program.

It started out as a project to replace the old fingerprint database, but will now include biometrics, DNA, voice prints, and facial recognition.

The idea is to database all the mugshots so people can be quickly identified after arrest, or possibly so surveillance video could be compared to the database to identify possible suspects.

Obviously lots of civil liberties issues here, but still a very long way from the paranoid hollywood inspired rantings about real time global surveillance with integrated biometrics.

Using Language Patterns to Pierce Anonymity

March 15, 2011 by lance in Anonymity, Biometrics, Email Security, Internet, Online Privacy, Surveillance, Tracking

Thanks to Bruce Schneier for linking to this interesting article on using patterns in language to identify the author of emails. While the technique would not allow them to identify your anonymous emails in an ocean of others, that is rarely the real world threat scenario.

In many cases there is a relative hand full of likely authors of a given email or group of emails. It is often possible to gather large samples of emails known and acknowledged to be from the likely authors. In that case this technique has a small group of targets and excellent training materials which allow for very high levels of accuracy (the authors of the paper claim 80% - 90%). That is probably enough to get a warrant to search your home and computers.

Unless you have been unusually careful, the gig is probably up by then. Remember, this might not be for criminal matters. It many cases this would come up in whistle blowing or other non-criminal situations.