I wonder how they tested the "will not work with a severed hand" part.
Bank whips out palm-recognition kit - and a severed hand won't work
Italian banking group UniCredit has developed a commercial biometric payment system based on Fujitsu PalmSecure palm vein reader technology. UniCredit selected palm vein reader technology instead of more widely touted biometric technologies, such as fingerprint readers and retina scanners, to underpin a prototype mobile …
-
Wednesday 6th March 2013 09:53 GMT Silverburn
If done poorly, a severed hand would not contain blood, so most vessels would be empty, and thus thinner than expected. Or perhaps it's simply looking for body temperature.
You would need to kill the victim via poison (puncture wounds may cause excess blood loss), then sever the hand fingers down. Then flash freeze to ensure the veins are frozen in their "open" state. For use, it will be thawed, then you would need to transport the hand fingers down, and perhaps with a wax seal over the stump. You would then need to microwave it back to *exactly* body temperature a few seconds before scanning.
Next disturbing thought exercise please...
-
Wednesday 6th March 2013 09:59 GMT Paw Bokenfohr
"blood flowing through"
Perhaps it "watches" for the flow of blood through the veins - "near-infrared rays that are absorbed by deoxidised haemoglobin present in blood flowing through the patient's palm veins".
Perhaps the "flow" part is a part of the process of building the image used for verification, and without blood flow, it's not verifiable?
-
Wednesday 6th March 2013 10:06 GMT Michael H.F. Wilkinson
Re: "blood flowing through"
If the hand is severed two changes occur either of which might be detected: (i) the blood stops flowing, leading to a change in the Doppler signal (can be integrated into fingerprint scanners as well), and (ii) the blood in the arteries also becomes deoxygenated, leading to those showing up as well. I do not know which is used.
I suddenly have this mental image of the device shouting MURDERER at 100dB when it detects a severed hand of a client. Could be a neat addition.
-
Wednesday 6th March 2013 14:23 GMT VinceH
Re: "blood flowing through"
"Perhaps it "watches" for the flow of blood through the veins - "near-infrared rays that are absorbed by deoxidised haemoglobin present in blood flowing through the patient's palm veins".
Perhaps the "flow" part is a part of the process of building the image used for verification, and without blood flow, it's not verifiable?"
And next month, the criminal underworld equivalent of El Reg will be posting a news item about a device that can be attached to a severed hand that will pump deoxidised haemoglobin through the palm veins to make the severed hand look like one that is still attached to the rest of its owner.
-
Wednesday 6th March 2013 10:14 GMT LarsG
Yuck
Hand print recognition on a cashpoint. I hope it comes with a roll of handy wipes.
On any given day, 80% of population pick their noses, 59% do not wash their hands after going to the toilet, 30% are contagious with colds, flu and the norovirus and they are just a few of the ailments that you are likely to pick up.
Yuck
-
Wednesday 6th March 2013 10:52 GMT illiad
Re: Yuck
except that most bacteria, etc. will not survive the cold and dry conditions that ATMs normally experience.. and I would not be surprised if the 'in bank' ATMs are regularly cleaned (just like all the other furniture :) ), and even the window cleaner gives the outside ATM a brush-over... :)
-
Thursday 7th March 2013 06:20 GMT Jin
Are all the would-be criminals so educated as to know this?
The claim that severed hands will not work does not mean that we are safe. How can the bank and Fujitsu be sure that all the would-be criminals are so educated as to be fully aware that severed hands will not work for these or those scientific reasons? The users of this bank should be prepared to be attacked by poorly-educated criminals.
-
Tuesday 12th March 2013 08:25 GMT VaalDonkie
Re: Taking bets
Note that Thomas didn't actually say he believes IR causes cancer. Rather, he said that someone is going to sue, believing this to be the case.
I work for a development and web hosting company and we had this stupid argument with the company upstairs over us wanting to install DIRECTIONAL antennas on the roof. The lady was convinced that she will have daily headaches and develop a tumor. Explaining how directional antennas work and that they would be facing AWAY from the building, as well as pointing out the irony of her spending hours a day on her cellular phone didn't seem to get through to her. We now joke about it being the tumor that has made her so thick.
-
Wednesday 6th March 2013 09:43 GMT Silverburn
As with all things Biometric..there's a problem...
The man in front of you at the same airport boarding gate does one or all of the following:
- Has bird flu, and sneezes into hand
- "re-arranges" himself
- picks his nose
- picks his arse
- puts his hand on the scanner to board
...would you put your hand on the same scanner immediately after him? Would you be entitled to ask for a disinfected scanner first, or a backup boarding identification method?
-
Wednesday 6th March 2013 10:36 GMT Silverburn
Re: Contactless
Thank you Larry - my downvoters be aware - contactless does not always mean that, nor does it mean germ-free, what with sweat evaporation and air flow. It just needs close proximity. See also telephone microphone speakers - you don't touch that (merely breathe on it), but it's germ heaven.
-
Wednesday 6th March 2013 13:39 GMT Fred Flintstone
Re: Contactless
"Thank you Larry - my downvoters be aware - contactless does not always mean that, nor does it mean germ-free, what with sweat evaporation and air flow. it just needs close proximity. See also telephone microphone speakers - you don't touch that (merely breathe on it), but it's germ heaven"
So is the ATM keyboard and screen, and as you shove a card into the machine you don't quite know what the rollers have picked up from the previous card either. I guess we need one of those glove dispensers next to it you find at the diesel pump (whose main feature is that it is always empty, which makes me suspect they only hang up an empty box to start with)..
-
Wednesday 6th March 2013 10:09 GMT John H Woods
No real defence against live coercion ...
... except silent alarm signalling.
e.g. when you are enrolled, you are randomly assigned an orientation - fingers to 10 o'clock, 12 o'clock, 2 o'clock. Scan your hand at a different angle and it appears to work but raises a silent alarm elsewhere.
There was a UL that entering your PIN backwards at an ATM did this - retrieved your money but alerted the police. AFAIK it is just that, a UL, but the principle is not beyond the bounds of possibility.
-
Wednesday 6th March 2013 10:24 GMT M Gale
Re: No real defence against live coercion ...
I used to work in a shop like that. The alarm system had two codes: A "disarm" code, and a "duress" code. The effect was apparently identical, except the duress code would (theoretically) result in flashing blue lights and sirens arriving minutes later.
Thankfully, never got a chance to test that one.
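The two-code scheme described in the comment above, sketched as an added example (it is not part of the thread and not any real alarm product's code). The class name, the codes used to exercise it, and the `notify` hook are constructed for illustration.

```python
import hashlib
import hmac
import os


def _derive(code: str, salt: bytes) -> bytes:
    # Slow KDF so a stolen panel record cannot be brute-forced cheaply.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class Panel:
    """Alarm panel with a disarm code and a duress code (both hypothetical)."""

    def __init__(self, disarm_code: str, duress_code: str, notify):
        if disarm_code == duress_code:
            raise ValueError("duress code must differ from disarm code")
        self._salt = os.urandom(16)
        self._disarm = _derive(disarm_code, self._salt)
        self._duress = _derive(duress_code, self._salt)
        # Out-of-band channel to the monitoring centre. In a real panel this
        # should only queue the alert: a slow network call made here would
        # delay the keypad response and become a visible tell.
        self._notify = notify
        self.armed = True

    def enter_code(self, code: str) -> str:
        candidate = _derive(code, self._salt)
        # Run both comparisons every time, in constant time, so timing does
        # not reveal which stored code (if any) matched.
        is_disarm = hmac.compare_digest(candidate, self._disarm)
        is_duress = hmac.compare_digest(candidate, self._duress)
        if is_duress:
            self._notify("duress")  # silent: nothing on the keypad changes
        if is_disarm or is_duress:
            self.armed = False
            return "DISARMED"  # identical visible response for both codes
        return "INVALID CODE"
```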
-
Wednesday 6th March 2013 13:22 GMT M Gale
Re: No real defence against live coercion ...
"There was a UL that entering your PIN backwards at an ATM did this - retrieved your money but alerted the police. AFAIK it is just that, a UL, but the principle is not beyond the bounds of possibility."
It might be false, but that's a damned good idea.
-
Wednesday 6th March 2013 13:49 GMT Fred Flintstone
Re: silent alarm signalling against coercion
"... except silent alarm signalling."
Not a chance, I've been through that with a vendor. There is no point in implementing that because it's simply not usable.
Problem 1 is that people under stress go into automatic pilot. It's already a problem to get people to memorise a simple 4 digit code, so asking them to remember another valid one under stress is not going to work. If they have to do something different to normal it is also possible that ye olde robber is well aware of that too by simple prior observation.
Problem 2 is that such a detection leads to a liability which the bank is never willing to take. Imagine you get an alarm code as a bank, what are you going to do? Warn the police? They show up, robber panics and harms client - who is responsible? Deny payment? Again, harms client. Pay but record surroundings? That already happens even for non-alarmed transactions so no added value there either. What's more, when alarmed you may have to pay back the transaction - expect plenty false alarms and fake robberies then..
Alarm signalling brings no benefit to the bank, which is the sole and single criterion a bank will use.
-
Wednesday 6th March 2013 10:25 GMT djack
Still Snake oil
This thing is subject to the same fundamental flaws of all biometric systems. The scanner produces a static data representation of your palm. It is this data that is actually used for authentication. The server checks if this pattern is the same as (or close enough to) the pattern stored for you during enrolment. Basically it is a long password.
What happens when (not if) password data is compromised? Easy! Simply force the user to change the password - good luck doing that with biometrics.
-
Wednesday 6th March 2013 11:26 GMT Christian Berger
Re: Still Snake oil
Exactly, and once you have a second instance using the same system, you'll have the same "secret key" on both systems. The next step is to build some sort of model hands with the right patterns. Maybe it's even possible to use some sort of modified LCD.
And that's all not taking into account brute-forcing those systems which may be possible.
-
Wednesday 6th March 2013 13:59 GMT Fred Flintstone
Re: Still Snake oil
So, what will you do with a compromised biometric data set?
All you have is a hash value, probably salted with a secondary key if the designer had a remote clue of securing access data, and you're going to use that to do what? Work back into a biometric model that will replicate someone's biometric ID elsewhere? A vein scan has a lot more data points than a fingerprint scanner (which is why you need specialist software to validate it within seconds), so good luck with creating a fake at vein depth in someone else's hand. If you want to replace someone's hash with your own you still need to create that first - you could do that by getting an entry in the system and then copying the hash, assuming the hashes are salted identically (which is not an approach I would take).
Biometrics themselves aren't the issue, it's how they are stored that is important.
-
Wednesday 6th March 2013 16:32 GMT djack
Re: Still Snake oil
I was talking about the biometric data, not any sort of hash. Once you have that and access to the data communication channel the scanner uses, the system is irreparably broken. For an ATM that may be tricky but for many other applications of this technology, it is a trivial task.
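The "same as (or close enough to)" comparison debated in this sub-thread, as an added example that is not part of the original posts and not Fujitsu's algorithm. Templates are modelled as constructed 256-bit values compared by Hamming distance, and the 10% threshold is an assumption; the block also shows that a password-style salted hash of the raw scan does not match on the next scan of the same palm, while a stored copy of the template always does.

```python
import hashlib
import hmac
import random

BITS = 256        # constructed template size, not PalmSecure's real format
THRESHOLD = 0.10  # assumed: accept if at most 10% of the bits differ


def rescan(template: int, flipped_bits: int, rng: random.Random) -> int:
    """Simulate sensor noise: the same palm, with a few bits read differently."""
    for pos in rng.sample(range(BITS), flipped_bits):
        template ^= 1 << pos
    return template


def distance(a: int, b: int) -> float:
    """Fraction of differing bits (normalised Hamming distance)."""
    return bin(a ^ b).count("1") / BITS


def fuzzy_match(enrolled: int, sample: int) -> bool:
    return distance(enrolled, sample) <= THRESHOLD


def salted_hash(template: int, salt: bytes) -> bytes:
    return hashlib.sha256(salt + template.to_bytes(BITS // 8, "big")).digest()


def hash_match(enrolled_hash: bytes, sample: int, salt: bytes) -> bool:
    return hmac.compare_digest(salted_hash(sample, salt), enrolled_hash)


def demo() -> dict:
    rng = random.Random(2013)            # fixed seed: reproducible constructed data
    alice = rng.getrandbits(BITS)        # enrolled template
    bob = rng.getrandbits(BITS)          # a different person
    salt = b"constructed-salt"
    alice_again = rescan(alice, 8, rng)  # about 3% noise between two scans
    return {
        # Same palm, slightly different reading: accepted by threshold matching.
        "genuine_fuzzy": fuzzy_match(alice, alice_again),
        # Different palm: roughly half the bits differ, so rejected.
        "impostor_fuzzy": fuzzy_match(alice, bob),
        # Exact hash comparison rejects the genuine user after any bit flip.
        "genuine_hash": hash_match(salted_hash(alice, salt), alice_again, salt),
        # A stored copy of the template is at distance 0 and cannot be rotated.
        "stored_copy": fuzzy_match(alice, alice),
    }
```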
-
Wednesday 6th March 2013 10:29 GMT M Gale
So how do we subvert this system?
Well, there must be some hackers here with their devious thinking-caps on.
Personally, I'm thinking that as well as chopping the hand off, you find a blood bank and rob a bag or two. Doesn't need to be the same blood group. The blood won't coagulate in time to stop the reading.
Now, make sure your hand is at body temperature prior to placing it on the pad. Now, the main artery is plugged into a pump that pulses like a heartbeat. The pump sucks blood out of the bag, and the main vein is connected back to the bag so you don't end up with a huge pool of slippery claret on the floor.
Of course, rubber-hose cryptanalysis is also a viable attack, but that's just less fun to think up.
-
Wednesday 6th March 2013 10:57 GMT Alfred
Re: So how do we subvert this system?
It relies on the pattern of veins absorbing the emitted infra-red? Lots of ink does that too. How about we rig up a system that takes a picture of palms using the same frequency infra-red, and use that image to just generate a picture in the right ink?
I didn't give the article a really thorough read but it doesn't seem that blood has to be flowing or anything like that; just a pattern that absorbs the emitted infra-red correctly.
Failing that, it'll have a USB port on the side or a JTAG on it that we can just plug an iPhone into and politely ask it to pass everything it's shown.
-
Thursday 7th March 2013 00:34 GMT MondoMan
Re: So how do we subvert this system?
As mentioned in a comment near the top, one key feature of this system seems to be the imaging specific for oxygen-depleted hemoglobin in the blood vessels.
Remember that there are two types of main blood vessels in the hand: 1) arteries carrying oxygenated blood TO the hand and 2) veins carrying the oxygen-depleted blood AWAY from the hand. The oxygen depletion of the blood happens only in LIVING tissue *in the tiny capillary vessels in the hand tissue*.
Thus, any (literal?) hacker needs to figure out a way to image *solely* the veins. Just running oxygen-depleted blood (or its equivalent) through a severed hand will also image the arteries and won't work.
-
Wednesday 6th March 2013 10:47 GMT Allan George Dyer
Less severing option...
1. Invite your victim to wave their hand above your fake scanner
2. Take image of vein pattern
3. Fake scanner is linked to 3-D printer that reproduces vein pattern in plastic
4. Fill pseudo-hand with blood substitute
...
5. Profit
Selection of a suitable plastic and blood substitute to fool the real scanner is left as an exercise for the reader. If you get stopped for questioning, explaining a plastic hand with fake blood is probably easier than explaining a real one.
Headline:
Trick-or-Treaters Arrested for Bank Heist
-
Wednesday 6th March 2013 10:48 GMT Pete 2
Fixing the wrong problem
> will not work with a severed hand
If a baddie is in a position to hack a hand off someone whose bank account they wanted to raid, they would also be able to say to the victim "either we hack off both your hands (to be sure we have the correct one) or you come with us."
Given that choice I can see the victim ALWAYS choosing to do the deed with hands still intact. So the possibility, cheesy films notwithstanding, of the machine ever being offered a dead 'un is just not a real-life situation.
-
Wednesday 6th March 2013 11:32 GMT Christian Berger
Re: Fixing the wrong problem
Yes and think of the instances where the victim will be killed afterwards so he won't be a witness.
Essentially this changes a crime from "steal an EC card and find out the pin" to "kidnap and perhaps murder a person". I don't see how that's an improvement.
If you want to do something against people stealing money, start regulating investment banks more heavily.
-
Wednesday 6th March 2013 14:38 GMT PC Paul
Re: Fixing the wrong problem
ISTR Mercedes started using thumbprint recognition security on their high end cars. In the first attempted carjacking it saved the car but did lead to the owner having his thumb macheted off.
Didn't really catch on after that... there's a limit to how far you should go to protect 'stuff'.
-
Thursday 7th March 2013 01:24 GMT veti
Re: Fixing the wrong problem
It's an improvement because it makes the crime harder to commit.
Mugging to get a card and threatening to get a PIN? Easy-peasy. If you're quick on your feet, you can be back to the cashpoint before the victim has time to report the crime. (Assuming you have the elementary forethought to pinch his phone as well.)
Forcing someone to march with you at knifepoint into a public area where an unknown number of unknown people will see you both? Considerably harder, calls for a good deal more nerve and commitment on the part of the criminal.
Of course there's a workaround for the truly determined criminal. There probably always will be. But it becomes harder, and that reduces the total number of such crimes that get committed. That's a good thing.
-
Wednesday 6th March 2013 12:02 GMT Dave 15
finger vein
Worked on a project using a finger vein reader... supposedly all the same advantages. However a sausage was perfectly acceptable to the system so it doesn't always need to be attached :) Besides, the amount of hassle to get it to recognise the same finger more than 1 in 10 was ridiculous.
-
Wednesday 6th March 2013 13:25 GMT Mad Mike
Body parts
Personally, I'd rather none of this is done with any part of my body. It opens far too many options.
Someone might remove the body part in an attempt to get access.
Someone might coerce or kidnap me to get access.
This becomes a means of identifying me, so if it gets compromised, my identity changes!! At the moment, the bank card etc. is not considered part of the identity process. But once confirmed with a body part; well it must be them!!
There are so many flaws in this, it defies belief.
-
Thursday 7th March 2013 10:52 GMT TeeCee
Re: Body parts
"Someone might remove the body part in an attempt to get access."
"Give us your ATM card and PIN number or we'll chop your hand off." That option already exists. Actually the current version is more effective as "Right, give it to us now or we'll chop your other hand off" is available in case of non-compliance.
"Someone might coerce or kidnap me to get access."
In that case the type of security is entirely irrelevant as with you present to provide password / PIN / hand / thumb / eyeball / whatever it can always be circumvented. So that option also already exists.
Got any objections that are actually specific to biometric palm readers?
-
Wednesday 6th March 2013 15:26 GMT Charles 9
Re: Another simple solution.
Simple countermeasure. Make the booth only large enough to fit one person comfortably. Trying to drag an unconscious person into such a booth would probably be impractically crowded and take too much time (and time is the robber's worst enemy--the longer you take the more likely you're spotted). It would also help reduce the odds of the rubber-hose treatment. Even if approached mid-transaction the ATM might auto-lock the booth in that time, meaning the perp would have to perform something very violent to get in--and risk downing the victim before he completes the transaction.
-
Wednesday 6th March 2013 16:31 GMT BCS
Just replaces the card
It seems to me that this can just be used to replace the bank card. You swipe your hand and then type in a PIN. No different to now except you don't need to carry a card around. That would seem to be a sensible development.
For airport security, replacing a boarding card with a hand swipe seems reasonable too - you have your passport and hand rather than passport and printed piece of paper.
Just a different method of "something you have and something you know".