Thursday, May 16, 2002

Biometric Security Less Than Meets the Fingerprint. Apparently, biometric security systems using fingerprints for authentication may not be as secure as generally believed. Bruce Schneier, well-known cryptographer and security consultant, points out in this Counterpane newsletter article that Tsutomo Matsumoto, another cryptographer, has successfully breached a number of these systems using artificial fingers made from easily obtained materials such as silicon and gelatin. To see how he did it, including pictures of the fake fingers, check out the presentation slides. Companies that have mandatory statutory requirements regarding information security, such as HIPAA covered entities and FDA-regulated firms, should especially take note of the potential vulnerabilities of such systems and not take vendor claims regarding such biometric systems at face value.

No comments: