Where to Collect Fingerprints? - On the Phones!

Here is a funny report with a video on ultrasonic fingerprint sensing: https://www.theverge.com/2019/4/7/18299366/samsung-galaxy-s10-fingerprint-sensor-fooled-3d-printed-fingerprint

Even more intriguing is the report about unlocking by a chewing gum pack: https://9to5google.com/2019/04/24/nokia-9-pureview-fingerprint-update/

In both cases the people in charge presumably tried to keep the false rejection rate very low, ostensibly to achieve good accuracy, and lowered the threshold too much.

By the way, haven’t you wondered how it would be possible for those biometrics people to NOT notice that victims’ fingerprints can be readily collected on the victims' smartphones?

Face recognition is not left behind: https://www.grahamcluley.com/facial-recognition-fail-allows-politicians-kids-to-access-his-laptop/

Well, though very eye-catching, these cases are small problems compared with this fact (https://youtu.be/7UAgtPtmUbk): perfectly fake-proof biometrics would still be more insecure than password/PIN-only authentication.

It is very worrying that those security-lowering gimmicks are being touted as a security factor for payments. Hopefully the people involved will wake up before tragedies are triggered by the illusion of safety.

Supplementary Note – Biometrics Defeated by Itself

Artificial Intelligence is often taken up as a major threat to biometrics security. Biometrics is already defeated, however, by itself where it has to depend on a password/PIN as a fallback means against false rejection.

More specifically, biometrics vendors may be able to make their products much more fake-proof, but even the perfectly fake-proof biometrics would still be less secure than a password where it is co-used with a backup password; two entrances placed in parallel provide nice convenience not only to consumers but also to criminals as outlined in this video and closely explained in this article.

And yet, consumers are still adopting fingerprints and selfies. It is presumably because

1. To consumers, placing a finger on a sensor and taking a selfie look far simpler and easier than entering a PIN/password.

2. Consumers are not informed that the biometrics and the PIN/password they have registered are deployed in a ‘multi-entrance’ method that brings security down to a level lower than a PIN/password-only login. (Conversely, a ‘multi-layer’ deployment raises security.)
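The multi-entrance versus multi-layer comparison can be worked through numerically. The sketch below is an added example, not part of the original post: it models a fake-proof sensor whose only weakness is false acceptance, and it assumes independent attack paths, normally distributed matcher scores with constructed parameters, and a 4-digit PIN with 5 guesses allowed.

```python
from statistics import NormalDist

# Constructed matcher-score model (assumption): normal impostor/genuine scores.
IMPOSTOR = NormalDist(mu=0.30, sigma=0.10)
GENUINE = NormalDist(mu=0.70, sigma=0.10)

def far(threshold):
    """False acceptance rate: an impostor's score reaches the threshold."""
    return 1.0 - IMPOSTOR.cdf(threshold)

def frr(threshold):
    """False rejection rate: the genuine user's score falls below it."""
    return GENUINE.cdf(threshold)

def password_guess_prob(keyspace, attempts):
    """Chance of guessing a uniformly random secret within `attempts` tries."""
    return min(1.0, attempts / keyspace)

def multi_entrance(p_bio, p_pwd):
    """Biometrics OR fallback password: either entrance lets the attacker in."""
    return 1.0 - (1.0 - p_bio) * (1.0 - p_pwd)

def multi_layer(p_bio, p_pwd):
    """Biometrics AND password: the attacker must pass both."""
    return p_bio * p_pwd

def compare(threshold, keyspace=10_000, attempts=5):
    """Attacker success probabilities for one threshold (4-digit PIN assumed)."""
    p_bio, p_pwd = far(threshold), password_guess_prob(keyspace, attempts)
    return {
        "frr": frr(threshold),
        "far": p_bio,
        "password_only": p_pwd,
        "multi_entrance": multi_entrance(p_bio, p_pwd),
        "multi_layer": multi_layer(p_bio, p_pwd),
    }

if __name__ == "__main__":
    # Lowering the threshold cuts false rejections but widens the biometric door.
    for t in (0.65, 0.55, 0.45):
        r = compare(t)
        print(f"threshold={t:.2f} " + " ".join(f"{k}={v:.6f}" for k, v in r.items()))
```

Under these assumptions the OR deployment is never better than the PIN alone, and it matches the PIN only when the false acceptance rate is exactly zero.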

While informed consent must be respected, misinformed consent must be corrected and disinformed consent punished, particularly when it brings a serious case of the false sense of security (illusion of safety).

