More on politics and society from The Atlantic Monthly.
The Atlantic Monthly | September 2002
[From "Homeland Insecurity," by Charles C. Mann]
Tsutomu Matsumoto, a Japanese cryptographer, recently decided to look at biometric fingerprint devices. These are security systems that
attempt to identify people based on their fingerprint. For years the companies selling these devices have claimed that they are very secure, and that it is almost impossible to fool them into accepting a fake finger as genuine. Matsumoto, along with his students at the Yokohama National University, showed that they can be reliably fooled with a little ingenuity and $10 worth of household supplies.
Matsumoto uses gelatin, the stuff that Gummi Bears are made out of. First he takes a live finger and makes a plastic mold. (He uses a free-molding plastic used to make plastic molds, and is sold at hobby shops.) Then he pours liquid gelatin into the mold and lets it harden. (The gelatin comes in solid sheets, and is used to make jellied meats, soups, and candies, and is sold in grocery stores.) This gelatin fake finger fools fingerprint detectors about 80% of the time ...
There's both a specific and a general moral to take away from this result. Matsumoto is not a professional fake-finger scientist; he's a mathematician. He didn't use expensive equipment or a specialized laboratory. He used $10 of ingredients you could buy, and whipped up his gummy fingers in the equivalent of a home kitchen. And he defeated eleven different commercial fingerprint readers, with both optical and capacitive sensors, and some with "live finger detection" features ... If he could do this, then any semi-professional can almost certainly do much more.
—Bruce Schneier, Crypto-Gram, May 15, 2002
Charles C. Mann, an Atlantic correspondent, has written for the magazine since 1984. He is at work on a book based on his March 2002 Atlantic cover story, "1491."
Copyright © 2002 by The Atlantic Monthly Group. All rights reserved.
The Atlantic Monthly; September 2002; Homeland Insecurity; Volume 290, No. 2; pp 81–102.