[Dailydave] Fingerprint biometrics attack paper...
adam at shostack.org
Tue Apr 12 16:38:17 EDT 2016
They steal /etc/shadow and call the library. Most biometrics give a
matching score because you can tune the false positive/false negative
On Tue, Apr 12, 2016 at 03:32:29PM -0400, dave aitel wrote:
| I want everyone to click on this paper and then maybe help explain it to
| me! From what I understand they got a fingerprint reader to tell them
| how hot/cold they were to an acceptable fingerprint. So they they modify
| a fingerprint to get closer and closer until it matches.
| DOES THAT EVER HAPPEN IN REAL LIFE? I'm so confused at what security
| system gives you a "hot/cold" value so you can use this algorithm. Could
| this paper be summed up to say in one sentence "Obviously if you give a
| matching score from your biometric, you can use a model of that
| biometric to retrieve the raw data with enough tries?"
| Dailydave mailing list
| Dailydave at lists.immunityinc.com
Don't miss out on my news, which comes out roughly once a quarter.
More information about the Dailydave