Thursday, April 7, 2005

Defeating fingerprint readers...by force

Carjackers swipe biometric Merc, plus owner's finger | The Register


Carjackers swipe biometric Merc, plus owner's finger
By John Lettice
Published Monday 4th April 2005 13:52 GMT

A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes' fingerprint security system. Accountant K Kumaran, the BBC reports, had at first been forced to start the S-class Merc, but when the carjackers wanted to start it again without having him along, they chopped off the end of his index finger with a machete.


Okay, I knew this would happen someday and this is evidence that it finally happened. Biometrics ("something you are") should only be used as a convenient _IDENTIFICATION_ mechanism as a necessary, but not a sufficient condition for _AUTHENTICATION_ of users. This is why multi-factor authentication is still important with Biometrics so you couple the "something you are" with "something you know" or "something you have".

Additionally, you should be wary of biometric hardware that can often be trivially fooled or, as this one, are unable to adequately tell the difference between "live" and "dead" or "not-live" biometric data. Else, you could be risking more than your security: the well-being and safety of your users.

No comments:

Post a Comment