Biometric Sensor Bypass
Many people immediately associate the word “biometrics” with fingerprints. And this is true, because it is devices with fingerprint sensors that are currently the most common on the market among access control systems that use biometric parameters.
However, such sensors are not a serious protection system at the present time. It is rather a fashionable toy that is impressive, but no more. There are some very simple, and at the same time, very successful ways to bypass the fingerprint security system:
- 1. The easiest way is to “revive” an existing fingerprint left by a registered user by breathing on the sensor.
- 2. Fraud the system using a fingerprint printed on paper
- 3. The use of "artificial finger"
Many manufacturers of fingerprint sensors introduce control of additional parameters, such as body temperature, pulse, the presence of sweat glands (skin-galvanic reaction). However, the 3rd method allows you to simulate all these parameters, because the finger will not be completely artificial, but yours, but with a fake fingerprint.
Consider the method of manufacturing the most effective in terms of deception fingerprint sensor "artificial finger".
To make a fake fingerprint, we need:
- Sample print (in this case, we found it on a glass bottle)
- Rubber bottle cap
- Super glue
- Digital camera
- Laser printer
- Computer with Photoshop
- Transparent film for printing on a printer
- PVA glue
So, let's get down to manufacturing. Imagine that we have a bottle with a fingerprint of a person who has authorized access to the system:
We put a few drops of superglue into the lid, wait a few minutes so that the glue cures and does not drain. Now we cover our sample with a lid with glue, so that the glue vapor settles on the organic structure of the imprint:
thereby visually revealing it on the glass.
Great, now you can take a photo in high definition.
Using Photoshop, process the image in such a way as to remove “dirt and blur.” As a result, we should get a clear black and white drawing of the original size.
We print it using a laser printer on a transparent film. Toner creates a three-dimensional structure on the film. Now we apply a thin layer of PVA glue on top of the film.
When the PVA hardens, we cut out our fake fingerprint and glue it to our finger with the help of nail polish (you can also try using superglue if you need to be durable and stronger). The fingerprint is ready:
Methods for making a raised fingerprint may vary. For example, in “Destroyers of Legends” a slightly different approach was shown - etching a skin pattern on a printed circuit board coated with copper.
In my opinion, the most resistant to hacking and at the same time practical are sensors that identify the user by drawing veins in the palm of your hand.
Firstly, it is very difficult to obtain a sample compared to fingerprint sensors. If you immediately thought about chopping off your hands, then I’m hurrying to stop you: similar systems can also control the presence of circulating blood inside the veins, pulse, and of course the temperature. In addition, in real conditions, it is difficult to quietly slip someone else's hand into the system, for example, if a security guard is sitting nearby.
In the following posts I will consider the most practical ways to bypass other access control systems.