Swiss researchers found a way to spoof finger veins (idiap)
It’s pretty convoluted and involves some feedback from the sensor that would likely be unavailable in a real-world deployment, but it worked.
See video:
This kind of thing makes fingerprint spoofing even harder
Samsung patent suggests multi-fingerprint e-wallet authentication and gesture control (Android Authority)
Applications for fingerprint scanning are quite limited at the moment…
The future may hold a bigger promise, however. A patent application made by Samsung indicates that the company may be working on an even more innovative use of fingerprint scanning for authentication. In the patent application, Samsung describes several methods for authenticating a purchase, such as through PIN, password, pattern, and even fingerprint scans. An interesting addition is the inclusion of multiple fingers for stronger authentication.
Uncertainty over which fingerprint was used — or in the not too distant future, which combination of fingerprints are used — would go a long way towards making the already difficult task of fingerprint spoofing even harder.
Samsung Galaxy S5 Fingerprint Sensor Security Already Hacked And Compromised (Hot Hardware) — Our perspective on this sort of thing hasn’t changed since we wrote this heavily linked post in response to the same demonstration on Apple hardware a few months back.
Long story short: It’s not that easy to do, and convenient fingerprint security is way better than not doing anything at all, which is what many of us are doing now.
More context for fake fingers
Here’s what you need to know about the Apple TouchID “hack” (GigaOM)
So for most people this won’t be a problem. And indeed, if you’re the type who forgoes passcodes because they slow you down, it’s better to use TouchID than to use no security at all. Also, it’s not like we’re talking about someone hacking into the phone’s secure A7 chip.
But do remember that, compared with passcodes, the inclusion of biometric access can in certain circumstances make it just that little bit easier for someone to get into your phone. And if that phone carries secrets that others really want to steal, you may want to bear this new risk in mind.
Keeping Biometric System Vulnerabilities in Perspective
Biometric security hacks threaten to ruin the KeyLemon party (Wired)
As biometric security systems from companies such as KeyLemon are increasingly introduced to devices, spoofing attacks are becoming more common and sophisticated. The Tabula Rasa project aims to prevent these security breaches.
Lots of good stuff in the article. Just remember, lock-picking is spoofing, too, and if you use unattended facial recognition for access control, be very suspicious of that strange person that wants to “interview” you using her camera phone.