According to a report in the Canberra Times, a student with the Australia National University has discovered many biometrics systems can be fooled into giving an ?O.K.’ on verification by using information stored within the software.

The student, Chris Hill, postulated in his honors thesis that most biometrics systems contained data derived from the facial or fingerprint, rather than a copy of the facial or fingerprint image itself. As part of his thesis, he tried his theory out on a commercially available system, and cracked it successfully.

According to Hill, he simply worked out the way in which the system stored its template information, and used manufactured images with features similar enough to the original fingerprints to fool it. “Really, all I had to do was crack the code of the template, so the images I created that were accepted by the security system did not even look like thumbprints – they just displayed the characteristics required by the computer program,” he told the paper.

http://www.canberratimes.com.au/ http://www.infosecnews.com/sgold/news/2002/06/19_01.htm