[Dailydave] Fingerprint biometrics attack paper...
Adam Shostack
adam at shostack.org
Tue Apr 12 16:38:17 EDT 2016
They steal /etc/shadow and call the library. Most biometrics give a
matching score because you can tune the false positive/false negative
acceptable rates.
Adam
On Tue, Apr 12, 2016 at 03:32:29PM -0400, dave aitel wrote:
| http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168&rep=rep1&type=pdf
|
| I want everyone to click on this paper and then maybe help explain it to
| me! From what I understand they got a fingerprint reader to tell them
| how hot/cold they were to an acceptable fingerprint. So they they modify
| a fingerprint to get closer and closer until it matches.
|
| DOES THAT EVER HAPPEN IN REAL LIFE? I'm so confused at what security
| system gives you a "hot/cold" value so you can use this algorithm. Could
| this paper be summed up to say in one sentence "Obviously if you give a
| matching score from your biometric, you can use a model of that
| biometric to retrieve the raw data with enough tries?"
|
| -dave
|
|
|
|
| _______________________________________________
| Dailydave mailing list
| Dailydave at lists.immunityinc.com
| https://lists.immunityinc.com/mailman/listinfo/dailydave
--
Don't miss out on my news, which comes out roughly once a quarter.
http://adam.shostack.org/newthing.html
More information about the Dailydave
mailing list