Back in April 2008, a South Korean woman who was banned from entering Japan for 5 years slipped through security at airports using a fake password and some special tape.\u00a0 The immigration control system in Japan features a state-of-the-art biometrics fingerprint scan.\u00a0 Each person is scanned, and their fingerprints are cross-checked with a database containing fingerprints of fugitives and foreigners with deportation records.\u00a0 However, the system, which cost $40+ million USD to implement all over Japan, was defeated using special tape on her fingers.<\/p>\n
This security vulnerability came into light when the South Korean woman was spotted in Nagano, Japan in August 2008.\u00a0 She was questioned before being deported, revealing that a South Korean broker supplied her with a fake passport and special tape to trick the fingerprint scanners.\u00a0 It is believed that many other foreigners have entered the country in the same fashion.<\/p>\n
It’s interesting to note that the fingerprint scanner was an additional security measure on top of checking passports.\u00a0 The details of the exploit aren’t mentioned in the article, but it may have been the case that the new fingerprint scanners were heavily relied upon to establish identity, and the passports may not have been as closely scrutinized.\u00a0 Preventive measures may have included a closer inspection of passports as a well as someone to stand by the fingerprint scanner to verify there’s no “tape” or any trickery going on.\u00a0 Of course, ideally a state-of-the-art fingerprint scanner wouldn’t be tricked by some sort of tape.\u00a0 But without recovering some of the special tape, it may be difficult to design against such an attack.\u00a0 Additionally, the problem with security with hardware is that it’s difficult to fix.\u00a0 You can’t just patch it like you can with software.\u00a0 The biometric scanners cost over $40 million USD, and upgrading them all would be very costly.<\/p>\n
What’s interesting about this particular use of a fingerprint scanner that makes it easy to circumvent in this fashion is that rather than establishing an identity to grant access, it establishes identity to deny access.\u00a0 Creating a random fingerprint that doesn’t match a fugitive is much easier than creating a specific fingerprint that matches someone with priviledged access.<\/p>\n
It’s not clear how the Japanese have reacted to this incident, but I’m sure if such an event occured in the US, there would be a lot of outcry about what a waste of money it was to implement such systems if they can be so easily circumvented.\u00a0 The question now is, how does one address the issue without spending millions more?<\/p>\n
The straight-forward and costly answer is to redesign all the fingerprint scanners.\u00a0 This would require some of the tape in order to test against.\u00a0 This is probably a very costly route.\u00a0 Another option is to disregard the security issue and go after the source, the South Korean broker that supplied the tape — a route that the Japanese will probably pursue regardless.\u00a0 Yet another option is to place other security measures to either strengthen the rest of the immigration process (after all, the fake passport defeats the system as well) or to monitor the fingerprint devices more carefully.\u00a0 Likely airports will implement the latter option, since it is relatively cheap and may satisfy the public.\u00a0 However, in general, the public’s trust and belief in high-tech security measures such as biometrics may be somewhat shaken.<\/p>\n
This article can be found in several places: [Sydney Morning Herald]<\/a> or [Daily Yomiuri Online]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Back in April 2008, a South Korean woman who was banned from entering Japan for 5 years slipped through security at airports using a fake password and some special tape.\u00a0 The immigration control system in Japan features a state-of-the-art biometrics … Continue reading