Simon Says – Musings of a Technology CTO

This week CNET news reported on some interesting, new ways of bypassing facial recognition technology built into newer laptops. The reporter (Dong Ngo) published an interesting article which shows an easy way of bypassing the software from companies such as Lenovo, Toshiba and Asus that are shipped on popular laptops. By using a slightly modified picture of the correct recipient, one can easily fool the software.

They demonstrated this by capturing the recipient’s face from a Skype video session and printing it out on paper.

Of course, this is not the first time we’ve seen big problems with built-in biometric devices – by definition, anything built-in is going to be low cost/mass market. Does anyone remember the famous “gummy finger” paper from a few years ago which showed how a capacitive fingerprint scanner could be defeated by a simple gummy (Jelly for British readers) finger. Then there’s the issue that most embedded readers are simply scanners – they don’t do any hardware validation of the print, that’s all done in (insecure) software (though this is changing).

Finally, there are the numerous reports of people whose fingers have indistinct prints, causing matching algorithms to go to 5000:1 and below quality levels. Many readers don’t work if your finger is cold/hot/dirty/wet etc. I even know a developer who has no fingerprints at all due to 20 years of typing code…

Though I hate to say it, passwords are still here to stay for the foreseeable future. 10 years ago the prediction was that the world would move towards smartcards, 5 years ago it was biometrics. In 2004 even Bill Gates himself predicted the “death of the password,” though I think that was originally predicted by IBM 30 years ago.
Talking of predictions by Mr. Gates, I was disappointed to find that the famous “640KB should be enough for anyone” quote never came from him and that it’s an urban legend. Such a shame, as it’s quotes like that which made me aspire to be a technologist.