No offense, but I think you've been watching too many spy movies. ;-) Realizing the millions invested in biometrics, someone has already considered this. Better biometric systems actually take into consideration things such as pulse, blood pressure, or body temperature.
The bigger concern with biometrics is not the capturing of the biological data, but rather with how that information is stored on the computer. See, even though a fingerprint is very unique, the uniqueness of the fingerprint is not necessarily captured by the computer. If the biometric software only stores a dozen key points of reference, than cracking that becomes trivial. Also, if the database that the "digital fingerprint" is stored in is not well secured, it may be easy to capture and replicate that information. Of course, this is all hypothetical. I don't know of anyone actually exploiting these types of vulnerabilities. Think of it this way. If you don't mind a little clich�, a chain is only as strong as its weakest link. Your fingerprint is the strongest link in the biometric chain, so attack a different link. I'd be curious to hear from any folks on this list who work with biometrics to explain in better detail how these issues are addressed. These are concerns that were brought up to me at one time by another security professional. I'd be curious to hear someone help sort fact from fiction. Brownfox -----Original Message----- From: Daniel Ferguson [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 28, 2002 2:32 PM To: [EMAIL PROTECTED] Subject: RE: Physical Access Control fingerprint access control, i cant help you much on where to find the products im afraid.... but i have to say the idea of fingerprint control frightens me. If people break into your building and demand entry to a room, instead of the employee handing over for instance... a swipe card, the attackers simply have to chop off the finger. I know what id rather hand over... :)
