[Dailydave] Fingerprint biometrics attack paper...

Adam Shostack adam at shostack.org
Tue Apr 12 16:38:17 EDT 2016

They steal /etc/shadow and call the library.  Most biometrics give a
matching score because you can tune the false positive/false negative
acceptable rates.


On Tue, Apr 12, 2016 at 03:32:29PM -0400, dave aitel wrote:
| http://citeseerx.ist.psu.edu/viewdoc/download?doi=
| I want everyone to click on this paper and then maybe help explain it to
| me! From what I understand they got a fingerprint reader to tell them
| how hot/cold they were to an acceptable fingerprint. So they they modify
| a fingerprint to get closer and closer until it matches.
| DOES THAT EVER HAPPEN IN REAL LIFE? I'm so confused at what security
| system gives you a "hot/cold" value so you can use this algorithm. Could
| this paper be summed up to say in one sentence "Obviously if you give a
| matching score from your biometric, you can use a model of that
| biometric to retrieve the raw data with enough tries?"
| -dave
| _______________________________________________
| Dailydave mailing list
| Dailydave at lists.immunityinc.com
| https://lists.immunityinc.com/mailman/listinfo/dailydave

Don't miss out on my news, which comes out roughly once a quarter.

More information about the Dailydave mailing list