MaS is about computer security, malware and spam issues in general.


Going shopping with someone else' fingerprint

From Germany, Heise reports on an experiment that the German TV station ARD did with the Chaos Computer Club to see if someone could use another's fingerprints to go shopping in the Edeka supermarket chains that have implemented payment by fingerprint ID. Next time I'm over in Germany I'll have to look at the setup, but it sounds like they are using the fingerprint for both identification as well as authentication. With this sort of set up, even using the fingerprint just for authentication would be a mistake, but this would be criminal if it is the case. Fingerprints are at best indicative of an individual and this fact has been made to good (and usually correct use) in criminal investigations where other evidence already exists to narrow down the suspects. However a lot of the recent applications are trying to misuse fingerprints for identification and that is a big mistake born of a lack of understanding of the technology.

No comments: