Time
8 hours 33 minutes
Difficulty
Beginner
CEU/CPE
9

Video Transcription

00:05
So, biometric devices. You know, there's many different kinds of biometric devices. The most popular ones, those are probably the first three: fingerprinting, facial recognition, facial scanning, and iris scanning. Voice recognition, retinal scanning,
00:23
palm prints, vein structure, hand structure, those are definitely
00:28
types of biometric devices and used for biometric authentication. They're not as widely used. Like I said before, the first three are probably the most widely used. I mean, fingerprints, they've been around for a long, long, long time. And, uh,
00:46
they're currently still probably the,
00:49
uh, the most accurate, um,
00:53
biometric, uh, feature
00:57
that can be used. Although iris scanning is, ah, um, is very accurate as well, right? Iris is actually considered more accurate. There's a disconnect, though, in the, um,
01:14
ability to implement it properly.
01:18
Right? Right, so, right. In actuality, iris scanning is more accurate. Irises are thought to be much more distinct than fingerprints, but it just has to do with the actual algorithms that are used to,
01:34
you know, basically kind of generating the algorithms that are used to map out the irises, that they just haven't quite caught up there yet. Anybody? Anybody know, this is
01:48
useless trivia, but anybody know who the largest commercial user of biometric technologies or biometric authentication in the United States is?
02:00
That's commercial, so outside of the government. Commercial.
02:05
I'm thinking
02:07
Disney. This was as of a couple years ago, so it might have changed. But as of a couple of years ago, it was Disney. Anybody know why?
02:19
Uh, no, that's a good uh, that's a
02:23
That's definitely a valid point. It's for forgeries, to prevent people from scalping and forging tickets.
02:35
So I haven't been to Disney recently, but what I've been told is that, you know, when you go to Disney now, you have to
02:44
do a fingerprint scan.
02:46
So
02:51
Okay, so, um,
02:53
fingerprints can be faked.
02:54
Eight easy steps for faking fingerprints. I think "easy" is put in there to be a little sarcastic, because this by no means seems to be easy. But I mean, one issue with biometrics, well, there's multiple issues with biometrics.
03:13
Um, one is they're not,
03:15
you know, as the slide says, they're not impervious to attacks. I mean, there definitely are attacks out there to try to subvert the biometric authentication systems. They're definitely more difficult, but there are attacks out there. And then there are privacy concerns, there are usability concerns in there, and there are
03:35
there are cost concerns. They are expensive.
03:38
Um,
03:38
and then there are issues. For example, if you have fingerprint scans, well, what happens if, I mean, this is kind of extreme, but what happens if you lose your hands or something? You know, whatever the body part that's being used for that biometric device, I mean, it conceivably can be,
03:59
can be altered. Could be, you know, through injury or intention.
04:02
So these are kind of all issues with biometric devices. And then there's a huge privacy concern. You're talking about fingerprinting people, or taking iris scans, or even, you know, facial recognition.
04:15
Usually people don't have a big problem with getting their picture taken. But as soon as you introduce the idea that, you know, some kind of facial recognition technology is gonna be used, then all of a sudden, you know, people get real concerned about privacy and that kind of thing. So there are issues out there, you know,
04:34
with regards to biometric devices. And then cost. They are
04:39
compared to having an authentication system where you're just using a user name and password, which is very easy to implement. With, you know, a biometric authentication system, you have very costly equipment that you have to buy, that has to be maintained, and then you have, you know, a back end
04:58
that needs to be maintained as well. And then you have to
05:00
think about how you're gonna protect the information that's being stored, because you do have that privacy concern. If you're storing people's fingerprints, if you're storing, you know, scans of their iris, you have to have very strong controls in place to protect those.
05:17
But getting back to the eight easy steps for how to take a fingerprint. So first is you identify a target whose fingerprint you want to capture.
05:28
The next step is the James Bond tactic: you give them a drink, right? You give them a glass and they have a drink, and then you go off in your little secret room and then you lift the fingerprint using some kind of traditional, you know, forensics technique.
05:46
The next step is then you photograph that print
05:49
and you get some, you know, high-resolution photograph of that print and, well, this says scan the resulting image. But, you know, if you have a high-res digital camera, you just take it with that and have, ah, a very good image of the picture. And then you enhance the digital print image with
06:10
image editing software. I mean, that's, you know,
06:13
piece of cake. Um,
06:15
Then using a laser printer, you print the digital fingerprint on the transparency and then using wood glue and glitter sarin at its one side of the print, put on your finger, go up to the reader and you're in. So
06:30
you have an hour tonight. Go ahead, give it a try. See how it works. What they what they were able to variable tease. You kind of figure out right?
06:46
Right. So, I mean, you know, we can laugh about it, but, you know, it is a proven attack, and you can see that, you know, if someone is determined enough. I mean, you know, this is contrary to what this says. You know, it's not trivial to do. But if you have a determined attacker
07:04
who has the resources and the know-how,
07:08
they can, you know, they can subvert these systems. So, you know, just because you have a biometric authentication system in place doesn't mean you can just also be lax about security and say,
07:20
you know, we got these biometric controls in place for people coming into the building, so, you know, we don't have to worry about access controls, you know, on the inside, because no one's gonna be able to get in. You're just kind of fooling yourself.
07:36
You know, other issues with biometric devices, you know, kind of what I was talking about earlier, is that, you know, they're not foolproof. Facial recognition: masquerading, things like sunglasses, changing,
07:53
you know, large changes in facial features
07:57
can throw them off. Hand geometry devices, okay: limited to, er,
08:03
limited to the amount of data points that are used, and a high number of false positives and false negatives. I honestly don't know of
08:11
anyone who actually uses hand geometry. I'm sure. I'm sure it's out there
08:18
off hours. I mean, how does it work? Is it pretty accurate? Every time I've used that I've gotten in, I don't know whether somebody else feel any. Get in under my
08:35
You have to place your hand the right way. If you do it wrong, you can actually mess it up, right? It works.
08:43
interesting.
08:45
Uh, retinal systems. So retinal systems could be faked out if there's no light to illuminate the eye. Retinal scans, they illuminate the eye, and it relies on kind of the shape of veins and blood vessels.
09:03
And I said, if there's not enough light,
09:05
you know, it can't perform, you know, a correct retinal scan. Ah, voice recognition can be duped through recordings.
09:13
Has everybody ever seen, ah, Sneakers?
09:16
The part where, you know, there's an authentication system where the guy goes and he presents a token, and then he has this big, long passphrase and it lets him in. So they set up a date with him, and the woman has a voice recorder and she tries to get him to say all the different words in the phrase and
09:37
marks them off, and then,
09:37
you know, they break in by playing it back. So
09:41
it might be a little bit Hollywood embellishment, but, you know, you know, there's definitely an element of truth to it.
