Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Cellphones Privacy Software Technology Hardware

Fake Fingerprint Stickers Let You Access a Protected Phone While Wearing Gloves (gizmodo.com) 74

A new Kickstarter campaign aims to sell you fingerprint stickers that, when applied to a pair of gloves, allow you to unlock a mobile device that's protected with a fingerprint scanner. The sticker is powered by Nanotips and is "made with an extremely adhesive conductive material that can be applied to any surface for touch capability." Gizmodo reports: You can of course still access a fingerprint-secured smartphone using regular touchscreen-friendly gloves by simply punching in your passcode on-screen, but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside? We shouldn't, and these Taps stickers will allow you to use your mobile device's touchscreen and fingerprint reader, for unlocking your phone or making a purchase, even while your actual fingers (and fingerprints) are being kept warm and toasty inside a glove. After applying a textured stick to the tip of your glove, you just have to register it as an approved fingerprint using your smartphone's security settings. You might assume this would mean that anyone with a Taps sticker on their gloves could access anyone else's protected phone. But according to its creators, using nanoparticle technology every single Taps sticker has an individual and unique artificial print ensuring that only your gloves can access your device. That being said, there is still the risk of someone stealing your gloves, which is easier than stealing your fingerprints, so you'll have to weigh the security risks introduced versus the added convenience these offer.
This discussion has been archived. No new comments can be posted.

Fake Fingerprint Stickers Let You Access a Protected Phone While Wearing Gloves

Comments Filter:
  • by fahrbot-bot ( 874524 ) on Wednesday November 09, 2016 @09:21PM (#53253111)

    You can of course still access a fingerprint-secured smartphone using regular touchscreen-friendly gloves by simply punching in your passcode on-screen, but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside?

    Because this: Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones [slashdot.org]

    Using a pass code is protected by the Fifth Amendment, using a fingerprint is not.

    • by justcauseisjustthat ( 1150803 ) on Wednesday November 09, 2016 @09:29PM (#53253157)
      Every time I get pulled over or whatever, I force reboot my phone to require passcode.
      • by mysidia ( 191772 ) on Wednesday November 09, 2016 @10:01PM (#53253353)

        Every time I get pulled over or whatever, I force reboot my phone to require passcode.

        I'm guessing there's probably an App for that to add an "I've been pulled over" button to the lock screen for forcing a reboot.

      • Seems a bit OTT. Why not just have a passcode or swipe pattern as the standard lock?
        • Seems a bit OTT. Why not just have a passcode or swipe pattern as the standard lock?

          You have a choice. If you don't want to use fingerprints, you don't have to. I use fingerprint access on my iPhone and it's about as opt-in a feature as you could want. They changed from 4 letter passcode to 6 now.

          Can it be spoofed? Sure. But they'll have to know which finger or body part I used to set up, and there is so little of interest on my phone that it would be a waste of time to even try. I mean I texted the word "poop" once. But that's about it.

          • Can it be spoofed? Sure. But they'll have to know which finger or body part I used to set up,

            Security 101. Any security system is only as strong as the likelihood of volunteering the password when an attacker jams a screwdriver in your ear.
            You wouldn't be the first person to refuse to co-operate with the cops. I'm pretty sure they have well worn methods for extracting information from uncooperative suspects.

      • by murdocj ( 543661 ) on Thursday November 10, 2016 @06:58AM (#53255755)

        Just how often do you get pulled over?

    • by Anonymous Coward

      Another good tip is to keep all your passwords in plain text in a word document on your desktop. That way you never have to remember your passwords and you can have different ones for each site/account. Of course someone could just open it and look at it / copy it, but the convenience! /sarcasm what a stupid product. Take your glove off for the 2 seconds it takes to scan your finger or, like the article says, just out in your passcode.

      • by kbdd ( 823155 )
        Actually, I print them in bold letters and stick then on the back of the display, it is even more convenient that way.
    • Because this: Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones [slashdot.org]

      Using a pass code is protected by the Fifth Amendment, using a fingerprint is not.

      Why not use the 'sticker' part of the glove _instead_ of one of your actual fingers? Then you could visibly try every finger and plausibly deny that the phone is yours.

    • by Anonymous Coward

      They've got a point, the fingerprint is the username not the password.

      'Because it's convenient' does not make it security.

    • Never did get why the FBI took Apple to court when they could have just taken the IPhone to the morgue.
    • by Anonymous Coward

      You can of course still access a fingerprint-secured smartphone using regular touchscreen-friendly gloves by simply punching in your passcode on-screen, but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside?

      Because this: Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones [slashdot.org]

      Using a pass code is protected by the Fifth Amendment, using a fingerprint is not.

      I think most people have forgotten the presentation / keynote where Touch ID was introduced:

      In that segment Jobs pulled out a statistic that something like over 70% of people don't put a PIN on their iPhone, Why didn't they? Because it was a pain in the ass. Touch ID allows you to conveniently unlock your phone, but to activate it, you need to enter a PIN. Now, with newer iPhones, probably something like 100% of people have PINs.

      I don't anyone reasonable is saying that fingerprints are the be-all and end-al

      • I think most people have forgotten the presentation / keynote where Touch ID was introduced:

        In that segment Jobs pulled out a statistic that something like over 70% of people don't put a PIN on their iPhone, Why didn't they? Because it was a pain in the ass. Touch ID allows you to conveniently unlock your phone, but to activate it, you need to enter a PIN. Now, with newer iPhones, probably something like 100% of people have PINs.

        A person who finds entering a 4 digit passcode (now 6) is going to really have issues with setting up touch ID.

        But you are right, peeps be lazy.

        My wife doesn't even want a passcode or TouchID. I told her in that case, no ApplePay or any purchases with it until you do.

    • Comment removed based on user account deletion
      • And it is less secure, because if I can put these on a glove, so can somebody else.

        Well, I'm sure no Kickstarter campaign ever made unrealistic claims about their product.

    • Using a pass code is NOT protected by the fifth amendment. Nor is using encryption. A judge can require you to give up your pass code and/or your encryption key, and if you refuse, you can go to jail for contempt of court forever (until you reconsider and comply). Just like your DNA is not protected -- you can be compelled to give it up. Just like your writings in general are not protected. The only thing that is protected is your right not to be compelled to testify in a court room if your honest te

      • 4 digit phone codes are also obviously a waste of time in the first place. So are six digit codes. Or eight digit codes. Eight CHARACTER keys on strong encryption is a weak opener -- maybe the feeb can't crack that with in-house resources, but I wouldn't bet against the NSA, and in principle the feeb can call on the NSA in any circumstances that would warrant it.

        We see this sort of thing with old school locks. They are secure in minutes, so to speak. An accomplished cracker can break into a certain lock in a certain amount of time.

        So its kind of like a two factor authentification. You have the device that delays entry, and you have the person checking on it every so often. Yeah, someone is going to be able to crack a four digit code without too much trouble. But given that the phone locks after X number of failed inputs and they have to wait a while before trying

        • Or, they could just take the data out of the phone, put it into a special OS shell that doesn't have the lockout feature, and rip through all 10000 four digit codes in the time wasted between keystrokes in this reply. Or they could look at the smudges on the screen, make an educated guess as to the numbers being pressed, and reduce the search space to the permutation of 4 or fewer digits.

          The point is that 4 digits is very, very fundamentally insecure. Oh, it's probably fine to protect your data from a pho

          • by Ol Olsoc ( 1175323 ) on Thursday November 10, 2016 @12:15PM (#53258447)

            Or, they could just take the data out of the phone, put it into a special OS shell that doesn't have the lockout feature, and rip through all 10000 four digit codes in the time wasted between keystrokes in this reply.

            Or, or, and or. I'd be the last person to argue for or against any so called security features on a phone. I do not consider anything about a phone to be secure at all ever. So if I were to be doing something illegal, I sure as hell wouldn't put it on my phone.

            The whole thing is people demanding an inherently non-secure device to be secure. It's like buying a billboard, putting something classified on it, or kiddie porn, and demanding that people not see what is on it because you demand your right to privacy.

            It simply is not secure.

    • Comment removed based on user account deletion
  • Fingerprint locks can be foiled. [youtube.com]

  • How dumb is this, so instead of making someone steal your fingerprints and make copies , they can just steal your gloves. Bad idea, but I bet it will get play in the tech community just because it's so bad.
    • You already leave your fingerprints everywhere you go, including all over your phone. So using a print scanner only inconveniences an honest user and does nothing to stop a determined criminal.
    • That's OK, after your gloves are stolen just make sure to reset to a new fingerprint quickly.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Don't get a glove with YOUR fingerprint. My phone can accept multiple fingerprints, the glove can be a new one. If I lose the glove, I reset the fingerprints to mine without the glove.

        --XYZZY--

        • Don't get a glove with YOUR fingerprint. My phone can accept multiple fingerprints, the glove can be a new one. If I lose the glove, I reset the fingerprints to mine without the glove.

          Logic...

          A rare yet beautiful thing.

    • Probably don't have to steal them. I reckon gloves must be among the most misplaced or lost items in places where winter is cold enough to require wearing them. Of course finding gloves with attached fingerprint sticker doesn't help link them to an owner and a device to unlock, but it does give you a fingerprint to leave around somewhere to say, mess up a crime scene investigation. Has a cast-iron alibi ever been overturned in court because of fingerprint evidence?

    • Or, just stealing your fingers. They are removable, after all...

  • What would be really handy is a simulated finger I can keep on my key chain.

    • My key chain is the one with the plastic (you hope) fingers and eyeballs on it.
  • by Falos ( 2905315 ) on Wednesday November 09, 2016 @09:53PM (#53253303)
    >A new Kickstarter campaign
    Stopped reading here. A new record.
  • I'm sure they're made them unique, but is it unique for touch devices or just in the lab?

    "there is still the risk of someone stealing your gloves, which is easier than stealing your fingerprints"
    I think I pay less attention to where my finger prints are left compared to a pair of gloves.

  • Knows nose (Score:4, Interesting)

    by cwatts ( 622605 ) on Wednesday November 09, 2016 @11:51PM (#53254061)

    In cold weather I register the end of my nose as a fingerprint. It works! And the feds will never figure it out, they can try all my fingers and still not get in.

    If you want to keep finger functionality, use your imagination- the back of a knuckle or the side of a thumb are just as unique as a fingerprint, and work just as well.

    Unlocking ones phone with one's nose will occasionally be met with wisecracks- trying to operate a phone with a nose will probably get you beaten up or arrested. So be careful :)

    cw

    • Re:Knows nose (Score:4, Interesting)

      by ledow ( 319597 ) on Thursday November 10, 2016 @02:59AM (#53254989) Homepage

      It just makes me question the uniqueness being measured (we know fingerprints are "unique" enough for convictions, but if your nose passes muster to a fingerprint reader as a valid fingerprint, surely it's not measuring that much uniqueness in the first place?). Noses just don't have unique, large, raised, patterning like fingerprints do. You can SEE and FEEL fingerprints, that's how large the features are. You can't see much difference between one squished nose and another.

      All this tells me is that fingerprint readers on smartphones are naff toys. And I don't for a second buy the "it depends on the glove used" tripe either.

      I looked into a fingerprint reader that schools were using for access. It turns out to be a scanner. With some Linux tools and jiggery-pokery you can pull out a black-and-white scanned TIFF from the sensor, which just feeds it into software which does the "uniqueness" bit (finding edges and comparing corner points, mostly).

      So I printed out the TIFF, swiped that, and it accepted it. I'm sure they've come on leaps and bounds since, but they are still susecptible to the same old attacks. You don't need to find "a finger that's correct", just a sufficiently convincing model of that finger. That can be anything from a flat piece of paper, to a PCB-etched one, to some gummi bears moulded from that. But still, outside of humongously expensive things, nothing really that good at detecting fakes.

      The heartbeat sensor in my phone uses the colour of the skin to measure heartrate "accurately enough". It's literally just a colour sensor, like a scanner, with sufficient red illumination to make your pulse "visible". That could easily form another part of a smartphone fingerprint sensor. And would STILL be just as susceptible to, say, a smartphone display showing the fingerprint and red-pulse that it expects.

      It's the analogue hole all over again. If you can copy the data stream sufficiently, you don't need the original any more.

      And that just makes fingerprints worthless.

    • your a genius, it really works.
  • "but why should we have to give up the convenience of a feature like Touch ID for months on end just because it's cold outside?"

    Why? So that the police can't get at your phone's contents. Your fingerprint can be forced onto the phone, a password can't.

  • There already exist flexible materials which can be made to change shape under an applied current, it should be possible to make them small enough to display haptically at the tip of a gloves finger a fingerprint taken by a fingerprint sensor on the inside of the glove.This would solve the problem of the stolen glove as well as the mistaken belief in biometric access control.
  • by kbdd ( 823155 ) on Thursday November 10, 2016 @07:22AM (#53255857) Homepage
    That has to be the stupidest idea I have heard of in a while.
  • Can you change your fingerprints when you want?
    • Can you change your fingerprints when you want?

      I don't believe it is a digital print out of your actual finger. Based on what I have read, it looks like it's just a unique pattern you can use as a fingerprint on your device. Then, if you lose the sticker, you just remove it from your security settings and use a new one.

  • Give me your wallet, phone and gloves, please.

  • Those stickers sound useful, as they are the only safe way (when available without gloves) to use a fingerprint scanner. You leave your fingerprint everywhere and cannot change it. So it's useless as pass code. But you can buy new stickers, if you want to change your "fingerprint" login.

Before Xerox, five carbons were the maximum extension of anybody's ego.

Working...