Security Basics mailing list archives
Re: Bank Automated Teller Machine Biometrics
From: Moz <lists () moz co nz>
Date: Tue, 5 Aug 2003 11:31:14 +1000
Ulisses wrote:
I´ve heard there are flaws in Iris and Facial recognition. Does anybody know where i can find information about these flaws ?
The most overwhelming flaw is non-replacability. Once the biometric token is compromised, you've lost the user. If you're using generic hardware (ie, not building your own), then once the token is compromised *anywhere* then it's useless. "Compromised" may mean something as trivial as "being used in an insecure system". And telling your user to use a different face is... interesting. The problem with esp facial recognition is that it has to distinguish between a photo or other model of the face, and the living face. But it also has to defeat attackers who have unlimited access to the person being impersonated, as it is a common condition of life that people don't obscure their faces, so it's easy to get video recordings of faces... One attack used such video recordings to defeat a number facial of recognition systems. Moz --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Bank Automated Teller Machine Biometrics Ulisses Eduardo (Aug 01)
- Re: Bank Automated Teller Machine Biometrics Chip McClure (Aug 01)
- Re: Bank Automated Teller Machine Biometrics thefueley (Aug 01)
- Re: Bank Automated Teller Machine Biometrics ed (Aug 01)
- Re: Bank Automated Teller Machine Biometrics compguruman (Aug 04)
- Re: Bank Automated Teller Machine Biometrics Ulisses Eduardo (Aug 04)
- Re: Bank Automated Teller Machine Biometrics Brad Mills (Aug 05)
- Re: Bank Automated Teller Machine Biometrics Moz (Aug 05)
- Re: Bank Automated Teller Machine Biometrics Ulisses Eduardo (Aug 04)
- <Possible follow-ups>
- RE: Bank Automated Teller Machine Biometrics Richard Bragg (Aug 04)
- Re: Bank Automated Teller Machine Biometrics Chip McClure (Aug 01)