blog: Rube Goldberg and a dead man's fingerprints

One of the downsides of getting closer to the ripe old age of thirty is that you see people reinvent the wheel and every so often it seems to be more angular than before. This story popped up in the news : "Police asked this 3D printing lab to recreate a dead man’s fingers to unlock his phone". I thought the 3D printing craze was finally over, but apparently it still makes for a news story. The article describes how the police asked a Michigan State University professor for help in bypassing a phone's fingerprint sensors by recreating the dead man's fingers from digitized fingerprints. It talks about 3D printing and metal particles and how the fine-tuning might take a few weeks. Well, I'm sorry folks, but that particular problem has been solved for (at least) the last ten years.

Looking at my bookshelf, I see few issues of "die datenschleuder", club zine of the Chaos Computer Club. Some of the articles are a good read, a lot is insider humor and gibberish. But in issue #92 from the year 2007, there is a little gimmick included: The fingerprint of Germany's then-Interior Secretary Schäuble.

Starbug and others have demonstrated for the last ten years how easily you can reproduce fingerprints, the last prominent such occasion was the unlocking of the IPhone 5s / TouchID , supposedly equipped with sensors that did "deep scanning" of your tissue or something along those lines, which - of course - was nothing but marketing BS. So, how does it work?

  1. You need a digital version of the fingerprints. Superglue fumes make it easy to obtain fingerprints, they can then be photographed and adjusted for perspective in the computer.
  2. You create a high contrast negative.
  3. You print it out on a laser printer (high quality).
  4. You spread a thin layer of a wood glue-glycerin-mix on it.
  5. You wait for it to dry and attach it to your finger, e.g. with makeup artist's glue.
  6. When you need to use it, you rub it on your nose (to obtain skin oozings) and press it on the sensor.

That's all. For TouchID starbug took a detour via etching the printed fingerprint on a PCB to make sure that the lines are really deep enough, but that may or may not be necessary at all.

You do not need high tech to copy a fingerprint. It's fairly easy. And you leave your fingerprints everywhere. Why we still think of fingerprint locks as "secure" is beyond me. Sometimes I like a Rube Goldberg approach to problems. But in this case, the old solution is not only more elegant, cheaper and faster, but also more fun. If you'll excuse me, I now have to shoo the kids off my lawn.

Posted in hacking cynicism
2016-07-22 23:42