South Korean Woman Tricks Fingerprint Scanner in Japan
Back in April 2008, a South Korean woman who was banned from entering Japan for 5 years slipped through security at airports using a fake password and some special tape. The immigration control system in Japan features a state-of-the-art biometrics fingerprint scan. Each person is scanned, and their fingerprints are cross-checked with a database containing fingerprints of fugitives and foreigners with deportation records. However, the system, which cost $40+ million USD to implement all over Japan, was defeated using special tape on her fingers.
This security vulnerability came into light when the South Korean woman was spotted in Nagano, Japan in August 2008. She was questioned before being deported, revealing that a South Korean broker supplied her with a fake passport and special tape to trick the fingerprint scanners. It is believed that many other foreigners have entered the country in the same fashion.
It’s interesting to note that the fingerprint scanner was an additional security measure on top of checking passports. The details of the exploit aren’t mentioned in the article, but it may have been the case that the new fingerprint scanners were heavily relied upon to establish identity, and the passports may not have been as closely scrutinized. Preventive measures may have included a closer inspection of passports as a well as someone to stand by the fingerprint scanner to verify there’s no “tape” or any trickery going on. Of course, ideally a state-of-the-art fingerprint scanner wouldn’t be tricked by some sort of tape. But without recovering some of the special tape, it may be difficult to design against such an attack. Additionally, the problem with security with hardware is that it’s difficult to fix. You can’t just patch it like you can with software. The biometric scanners cost over $40 million USD, and upgrading them all would be very costly.
What’s interesting about this particular use of a fingerprint scanner that makes it easy to circumvent in this fashion is that rather than establishing an identity to grant access, it establishes identity to deny access. Creating a random fingerprint that doesn’t match a fugitive is much easier than creating a specific fingerprint that matches someone with priviledged access.
It’s not clear how the Japanese have reacted to this incident, but I’m sure if such an event occured in the US, there would be a lot of outcry about what a waste of money it was to implement such systems if they can be so easily circumvented. The question now is, how does one address the issue without spending millions more?
The straight-forward and costly answer is to redesign all the fingerprint scanners. This would require some of the tape in order to test against. This is probably a very costly route. Another option is to disregard the security issue and go after the source, the South Korean broker that supplied the tape — a route that the Japanese will probably pursue regardless. Yet another option is to place other security measures to either strengthen the rest of the immigration process (after all, the fake passport defeats the system as well) or to monitor the fingerprint devices more carefully. Likely airports will implement the latter option, since it is relatively cheap and may satisfy the public. However, in general, the public’s trust and belief in high-tech security measures such as biometrics may be somewhat shaken.
This article can be found in several places: [Sydney Morning Herald] or [Daily Yomiuri Online]
Comment by vkirst
January 16, 2009 @ 1:10 pm
I’m not sure exactly how these fingerprint scanners are used, but I wonder if it’d be possible to hire staff to run and monitor each of the scanners. That is, their job could be to ensure people are not tampering with the scanner, do not have tape on their fingers, etc. Of course, it’d be expensive to employ all these people, but probably less expensive than replacing all the hardware.
After all, even if this particular bug is fixed, it is likely there are other ways to trick the machine — it’d be very hard to trick the machine if you were forced to use your bare hands. Employing staff to ensure proper use of the machines would likely prevent most bugs from being exploited.
Comment by elenau
January 16, 2009 @ 4:19 pm
I agree with Victoria. The problem with the scanner’s vulnerability could be easily solved by hiring some staff to monitor and make sure that scanners are not being used inappropriately. It will cost extra, of course, but it will still be better than replacing the scanners.
In my opinion, even though, clearly, scanners have some security holes, they are not at all worthless. They can perform valuable identification, which humans are not able to do well. Here representatives that checked the documents were easily fooled by a fake passport.
However, it is not that easy to fool a scanner, if used correctly. One can see that both authentication techniques conducted at the airport have their strength and weaknesses. If the two are combined, instead of being performed separately at a different time, it can lead to better results.
For example, a better combination could be a representative standing next to the scanner. This way the passport is being checked, and proper use of scanner is monitored. If representatives pay attention, unauthorized person will not be able to sneak in.
It seems that the scanners’ design was not thought through enough. Even on the cheaper, less important machines it is recommended to use white listing instead of black listing techniques to grant permission. As mentioned in the post, it is easier to create a random fingerprint that does not match a fugitive than to create one that matches a privileged user.
Comment by seraphim
January 16, 2009 @ 5:33 pm
In agreement with other comments, I believe a more robust and comprehensive design would have solved this problem. Artificial means of spoofing scanners have been realized as a threat before this incident. A simple addition of a double-check system could prove to be an inexpensive solution (though specific). Chemical sensors on the fingerprint touchpad could ward against artificial fingerprint spoofs, and depending on price may be less expensive than hiring more personnel. Additionally, as more biometric scanning procedures become feasible (iris scanning, etc), adding those will undoubtedly help the machines’ security.
The overall lesson to take away from this should be that multiple measures increase the security of any given system. An easily-forged (and most likely not thoroughly checked when biometrics were available) passport and a fingerprint scan are far less secure than a passport check, whole-handprint scan, and iris scan.
Comment by devynp
January 16, 2009 @ 6:51 pm
It is an irony that such an expensive machine still does not do its job perfectly. This proves that adversaries in security are malicious and clever, and there is always ways to attack security from ANY areas.
This fingerprint trick couldn’t have worked if there is another authentication technique used in the airport security system. For example, verifying if the traveler’s picture matches with the picture on the passport or having people to enter a PIN number.
Comment by alyssa86
January 16, 2009 @ 9:17 pm
I agree with most of the others that the fingerprint machines shouldn’t be replaced or upgraded necessarily, but the airport should have people monitoring the machines.
One possible way they could do this is by splitting up the method of identification. One person checks passport since the article said the passport checking had become somewhat superficial and one person checks the fingerprints, people could get randomly assigned to the fingerprint or the passport checking and that way they wouldn’t know which one they were trying to beat and the airport employee would be forced to scrutinize and look at the passport carefully or make sure that there is nothing beating the fingerprint machine.