Police 3D-Printed A Murder Victim's Finger To Unlock His Phone (theverge.com) 97
An anonymous reader quotes a report from The Verge: Police in Michigan have a new tool for unlocking phones: 3D printing. According to a new report from Flash Forward creator Rose Eveleth, law enforcement officers approached professors at the University of Michigan earlier this year to reproduce a murder victim's fingerprint from a prerecorded scan. Once created, the 3D model would be used to create a false fingerprint, which could be used to unlock the phone. Because the investigation is ongoing, details are limited, and it's unclear whether the technique will be successful. Still, it's similar to techniques researchers have used in the past to re-create working fingerprint molds from scanned images, often in coordination with law enforcement. This may be the first confirmed case of police using the technique to unlock a phone in an active investigation. Apple has recently changed the way iOS manages fingerprint logins. You are now required to input an additional passcode if your phone hasn't been touched for eight hours and the passcode hasn't been entered in the past six days.
So... (Score:5, Funny)
Re: (Score:3)
The scientists are giving them the finger?
Pretty much giving the finger to privacy...
And Jain said he was happy to help when they got in touch: "We do it for the fun."
Re: (Score:2)
Re: (Score:2, Informative)
Re: (Score:3, Funny)
Wat.
3d-printed plastic fingers are... alive?
O_o
Re: (Score:1, Informative)
http://www.urbandictionary.com... [urbandictionary.com]
Re: (Score:2)
All you need to do is press the dead finger to the sensor hard, using your own (ungloved) finger. The sensor will activate based on your finger being alive.
Worse case scenario you cut off the pad of their finger and press that (your finger behind it). Or your elbow if you're squeamish. Or just run current through the dead finger if you don't want to defile a corpse.
All of this is assuming the clown used his fingerprint to unlock his phone. Long random password or nothing.
Re: (Score:3)
Capacitive touch (the metal ring around the iPhone's home button) only works if you are alive [...] Capacitive touch detects micro-electric currents that flow through your body
No.
The very first line from your own link:
In electrical engineering, capacitive sensing (sometimes capacitance) is a technology, based on capacitive coupling, that can detect and measure anything that is conductive or has a dielectric different from air.
Re: So... (Score:1)
Re: (Score:2)
Which part confuses you? You have a different dielectric than the air whilst alive.
Orange peels are capacitive, but so are some rubber sytluses, and a rubber stylus is most certainly not alive.
Re: (Score:2)
You also have a different dielectric than the air whilst dead.
Re: (Score:2, Insightful)
Re: (Score:3)
Capacitive touch (the metal ring around the iPhone's home button) only works if you are alive.
This is not true. It only works for materials that are suitably capacitive. There are lots of alternatives that work aside from living flesh.
Re:So... (Score:5, Insightful)
It's a cool use of 3D Printing; but couldn't just putting the victim's finger on the phone work?
If you would have read the article, it states that the body was too decayed. Another possibly scenario would be where the body hasn't been found yet and they find the phone in the victim's apartment, along side the road, etc... There are plenty of situations where you might have a prerecorded fingerprint but not a body.
Oh, and call me cynical but my guess is that one of the reasons it's being tried in this case is to set a precedence in a "safe" case so they can later use it against living people with a search warrant.
Re: (Score:1)
There is already a precedent for living people.. they can and will order your finger against the scanner...
http://thinkprogress.org/justice/2016/05/02/3774385/court-forces-woman-to-unlock-phone-with-finger-id/
Re: (Score:2)
So the important questions to ask are:
1. How long does it take to create a fake finger to unlock a phone?
2. Can I set the time-out that requires entering an unlock code to be less than that?
Re: (Score:3)
Beware the long finger of the law!
Re: (Score:2)
Re: (Score:1)
Hmmm... can I copyright my fingerprint and then charge the government some exorbitant price for keeping it in a database, or copying it anywhere else?
Right! Charge them with going up against the DMCA and sue the shit out of their grandmother for 10 billion in damages ! Good one!
They say it's his finger..... (Score:2)
but is it??
https://www.youtube.com/watch?... [youtube.com]
The worlds First unlocked iPhone 5s with The penis
Re: (Score:2)
If I'm found murdered... (Score:1)
...please don't try to unlock my phone. To me, having my privacy interfered with is a greater fear than being murdered.
Re: If I'm found murdered... (Score:1)
It should be since in your hypothetical you'd already be dead.
Re: (Score:3)
Don't be a criminal or get murdered and you won't have an issue.
Re: (Score:3)
I wish that I were nearly as confident of that as you.
Re: (Score:3)
Once I'm dead, one of two things will happen. I will either no longer exist and therefore wouldn't care about my privacy anymore, or I will live on in some mystical realm and wouldn't care about my corporeal privacy anymore.
Either way, privacy would be the last thing on my mind.
Re: (Score:3)
You obviously haven't watched enough silly TV, or you'd realize the third option is that you will haunt your phone until someone does a documentary about it.
How quickly can they print a fingerprint? (Score:1)
iPhones give you only 48 hours to use a fingerprint before reverting to passphrase (and less than eight hours if you haven't unlocked by passcode within the last six days)
Re: (Score:2)
On mine it's 12h (I think, it may be 8, I do it every morning and sometimes after a long day out) and I have a >4 character code. Also whenever the device restarts or anything (base band) is updated.
So much for biometrics being more "Secure" (Score:5, Insightful)
How long till they use 3D printing or such to replicate someones face or retina scan?
One more reason for me to never use or trust bio-metric authentication.
And now I have something I can point to and say "See?" when someone tries to convince me how great Bio-metrics are.
Re: (Score:2)
Whatever happened to "Demolition Man" old school, put eyeball on a pen or cut off finger
Re: (Score:2)
What about the old my voice is my passport verify me?
Bell Canada has a system like that.
Re: So much for biometrics being more "Secure" (Score:1)
At some point your synaptic connections will be scanned so that anything you memorized can be used against you
Re:So much for biometrics being more "Secure" (Score:5, Interesting)
The only biometric signature hardware that I've seen that I would consider seriously difficult to spoof would be the deep-vein reader:
http://www.fujitsu.com/us/solu... [fujitsu.com]
http://www.m2sys.com/palm-vein... [m2sys.com]
They use "Palm Vein Authentication" and this seems like it would be really, really tough to trick. I think it would be very hard to recreate the sensor signature, probably harder than a retinal scan.
Re: (Score:1)
I don't think so. All you need to do is to provide something that'll generate the inputs in the sensor that the back-end wants to see. Since biometrics are inherently fuzzy, you always have some leeway. And the sensor can only see so much. In fact the back-end first runs some processing step to abstract out what the designers thought were the high points, to try and reduce noise in the input. This happens with fingerprints, but with facial recognition also. Distorting those is what those facepaint tricks do
Re: (Score:2)
I don't think so. All you need to do is to provide something that'll generate the inputs in the sensor that the back-end wants to see.
Not only would you have to come up with this "something" that'll generate the inputs, you'd also have to get the "live palm signature" of the person to be impersonated with all of the correct biometric markers.
Yes, it'll probably be possible to spoof it someday, but I think that day is quite a ways off. By then I suspect it'll have been enhanced with DNA sensing and who knows what else.
The fact is that technology like this is rapidly making it more and more difficult to fool these kinds of "deep-sensing" au
Re:So much for biometrics being more "Secure" (Score:4, Insightful)
The good news is that this might mean it is better for the thieves to just scan your finger, instead of needing to cut it off. They'll get one that doesn't need refrigeration that way. Unfortunately, this can only be done with fancy custom academic prototype 3d printing, not off-the-shelf models, so for now the answer for thieves of biometric-protected items is still to cut the finger off and apply an electric current.
My solution is simpler: I don't put anything on a mobile device that needs strong protection. Just because it is possible to bank from a phone app doesn't automatically mean there is a great use case for it. Internet banking from a physically secure desktop computer seems like a much better setup to me. But I've had that since the 90s.
If I really, really wanted to check my balance from my phone, I could actually just call the 800-number and have a computer read it to me. And it is much safer, because I can't do transactions that way; only check the balance.
Re: (Score:2)
Has there ever been a case of a thief actually cutting someone's finger off and then applying an electric current just to get into their mobile banking app? Seems much more likely they would just steal your wallet and phone, and maybe force you to withdraw some cash or tell them the credit card PIN number.
Thieves are usually quite unsophisticated and the ones with half a brain try to avoid making contact with their victims at all, e.g. by using card skimmers at ATMs and payment terminals.
The really stupid t
Re: (Score:2)
Actually both of those usually only require a high res photo.
Why not use the real finger? (Score:1)
I mean if the guy is dead, why not just go down to the morgue and swipe his finger across the phone?
Re: (Score:2)
I think it requires a pulse.
Re: (Score:3)
It depends on the sensor. There are sensors available that can look for a pulse, appropriate temperature, even the presence of subcutaneous blood vessels imaged in the infrared. But those are expensive and bulky sensors, and not the sort you find on phones, which are comparatively crude devices.
Re: (Score:2)
What is "appropriate temperature" for a finger? My SO regularly manages to get her hands (and feet) below ambient temperature...
Re: (Score:2)
Re: (Score:2)
Because humans tend to swell up when they decompose, not sure about the rate in morgue fridges (they don't deep freeze you) but I think over time someone (usually family) would eventually want to burry or burn you.
Re: (Score:2)
There must be a reason - probably one of the things not released as this is an ongoing investigation. Maybe they don't have the body, or they have but it was disposed of in a way that destroyed the prints, or it wasn't found for some weeks and is to decayed to read.
Here's the interesting part... (Score:5, Interesting)
Here's the interesting part...
A 3D printed finger alone often canâ(TM)t unlock a phone these days. Most fingerprint readers used on phones are capacitive, which means they rely on the closing of tiny electrical circuits to work. The ridges of your fingers cause some of these circuits to come in contact with each other, generating an image of the fingerprint. Skin is conductive enough to close these circuits, but the normal 3D printing plastic isnâ(TM)t, so Arora coated the 3D printed fingers in a thin layer of metallic particles so that the fingerprint scanner can read them.
but here's the relevant part (Score:2)
it's unclear whether the technique will be successful
The headline is misleading. They haven't actually unlocked the phone, they just think they might have a way. If not they'll need to call the FBI.
on top of that (Score:1)
"But Arora said that in a few weeks, once he’s tested the fingers enough in the lab, he’ll hand them over."
In a few weeks? WTF! That's why anything for gov't costs an arm and a leg !
Wouldn't 'testing' take like 5 minutes?
Re: (Score:2)
Way to shoot yourself in the foot, LEOs (Score:4, Insightful)
This is a logical enough move, though I'm pretty sure you can do it without an actual 3d printer. We already know that fingerprints can be duplicated with very little effort indeed. But the problem for our esteemed LEO bunch here is that LEOs are now admitting this reality. And that brings up important sticky sticking points.
For, if they start to routinely duplicate fingerprints, what value do fingerprints found on the scene retain?
Also, now it turns out they're sitting on gigantic databases of other people's access keys, in the form of earlier taken fingerprints. You can trust them with that, can't you? They're totally trustable, right?
Re:Way to shoot yourself in the foot, LEOs (Score:4, Insightful)
Also, now it turns out they're sitting on gigantic databases of other people's access keys, in the form of earlier taken fingerprints. You can trust them with that, can't you? They're totally trustable, right?
That's the real kicker. They don't even need a new scan. Even if you're not paranoid about the police directly, the identity thieves have already proven that they have an easy time planting people on the inside of government agencies that have access to identity data, like the DMV. And the amount of drugs that are smuggled into prisons shows that criminal elements have fully penetrated the prison guards. So there is already black market access to this information. You can't just avoid new scans to avoid it.
It isn't viable to protect the secrecy of your fingerprints, so it isn't viable as an authentication mechanism. The main thing you can do to protect yourself is not to rely on authentication mechanisms; don't think that putting your fingerprint into your phone lock screen means that it is safe to store secrets (like banking access) on a phone. Don't think that having a fingerprint scanner on a door means that nefarious persons can't enter through that door. Don't think that a fingerprint scanner on a car ignition will keep thieves from driving away in it. Etc.
great movie idea (Score:2)
Re: (Score:2)
"it's not working"
"how does it taste?"
"salty"
"it's an anal model, you dumb-ass"
So even without the conductive layer . . . (Score:5, Insightful)
Prosecutor: "Can you explain how your fingerprints came to be on the murder weapon?"
Defendant: "I don't know. I never touched it. Never seen it before. Maybe the police put it there? Since we know they can, experience has shown that they will."
Re: (Score:3)
The judge will most likely not allow the jury to hear that.
Re: (Score:2)
Such a judge should be thrown off the bench, tarred, and feathered.
Re: (Score:2)
Who will be the only DNA "expert" in that city, state or nation? How well are their gov labs run? Who inspects their methods? A trusted gov worker with a huge case load just counter signs their own
Technically legal (Score:3, Insightful)
Live people have far more privacy protections than dead people do.
Re: (Score:1)
My question is, wouldn't this still fall under the Computer Fraud and Abuse Act? The LEOs/anybody else are not allowed users of the device, and it is a computer on a network.....
Well, duh (Score:2)
Fingerprint authentication has never been, and will never be, adequately secure.
usual police incompetence (Score:4, Informative)
You don't need to 3D print a finger to fabricate a fingerprint, a simple laser printer is enough:
http://www.instructables.com/i... [instructables.com]
Double edged sword (Score:1)
And in the process they've proven that because a finger print is found at a crime scene doesn't mean that their suspect was there. If I were a defense attorney I'd keep a copy of this case in my briefcase and whenever a prosecutor used finger prints as evidence I'd pull it out and say "I have a case right here where POLICE faked a finger print so if the prosecutor could please prove that these fingerprints were used actually came from my client"
You know what? Fuck this. (Score:3)
I guess I'm glad everything's password and I have a really, really good memory and very fast fingers.
bloody stupid (Score:3)
There is no way to spoof a fingerprint sensor with a 3D printer. It would take extremely precise printing, far better than any 3D printer the local cops are like to have and a very precise fingerprint. And a sensor that has no ability to note discrepancy with living tissue. So I am claiming complete bullshit pretense of far more powers than cops have.
Heck, I have to recalibrate my iThing fingerprint patterns every month or so to get it to recognize the real thing.
Re: (Score:3)
Original gummy fingerprint tests beat most scanner (Score:4, Informative)
The original presentation on beating fingerprint sensors with ordinary laser printer printed copies of fingerprinters, laid on gelatin, published in 2002, is available at:
http://web.mit.edu/6.857/OldSt... [mit.edu]
It's quite a good presentation, and was verified by MythBusters in 2011.
https://www.youtube.com/watch?... [youtube.com]
Mythbusters even demonstrated that simply printing a fingerprint on paper, and _licking the paper_, created a fake fingerprint good enough to defeat most sensors. There's little reason to think that the commercial fingerprint sensors have gotten any better, though I'd welcome a modern retest with modern cell phone and computer keyboard based sensors.
Basically, the "fuzziness" of fingerprint sensors which allows to identify real fingers with real sensors is enough "fuziiness" to allow them to be beaten with even casually made fake fingerprints. I've seen no good evidence that the necessarysensor and computational "fuzziness" has ever been worked around with even the most expensive modern sensors: I'd welcome any evidence with honestly done tests showing otherwise.
Re: (Score:1)
For non-phone devices, you could probably at least come up with something that requires a finger-shaped input (e.g. requires finger inserted, pushes a button at the end to toggle the snapshot) and maybe a heat-sensor.
That might not exclude warm gelatin, but at least it'll beat a laser-printed print affixed to the end of a pencil etc.
Your fingerprint is not protected by Constitution (Score:1)
too restrictive (Score:1)
It's time for the government to modernize and silence all of this counter-revolutionary free market, open democracy, free speech stuff.