Forging Biometrics: Photos & Fingerprints

TL;DR

Yes, biometric photos and fingerprints can be forged, though it’s becoming harder. Humans taking the data introduce vulnerabilities. This guide explains how forgeries happen and what steps are taken to prevent them.

How Biometric Photos Can Be Forged

1. Photo Substitution: The simplest method is replacing a legitimate photo with one of someone else.

• Weaknesses: Poor identity verification at the point of capture (e.g., no ID check, quick visual inspection only).
• Mitigation: Strict ID checks, live face detection software, and comparing the photo to other known images.

Morphing/Deepfakes: Advanced techniques create realistic but fake photos by blending features from multiple faces or generating entirely new ones.

• Weaknesses: Sophisticated algorithms are needed, but they’re becoming more accessible. Detection relies on subtle inconsistencies in lighting, texture, and blinking patterns.
• Mitigation: Specialised anti-spoofing software that analyses video feeds for micro-expressions and unnatural movements. Regular updates to detection models are crucial as forgery techniques evolve.

Printed Photos: High-quality printed photos can sometimes fool basic scanners, especially if the scanner resolution is low.

• Weaknesses: Scanner quality and lighting conditions.
• Mitigation: Higher resolution scanners with infrared or 3D depth sensors to detect paper thickness and surface irregularities.

Presentation Attacks (Spoofing): Using a printed photo, video of the person on a screen, or a realistic mask.

• Weaknesses: Systems that rely solely on 2D image analysis.
• Mitigation: Liveness detection – requiring the person to blink, smile, or turn their head during capture. 3D face mapping and infrared scanning are effective against masks and videos.

How Fingerprints Can Be Forged

1. Fake Fingers: Creating a replica of someone’s fingerprint using materials like silicone, gelatin or even wood glue.

• Weaknesses: Older scanners are easily fooled by high-quality fake fingers.
• Mitigation: Capacitive sensors (measure electrical properties), ultrasonic sensors (use sound waves to create a 3D map of the fingerprint) and multi-spectral imaging (detects both surface and subsurface features).

Lifted Prints: Obtaining a latent print from a surface and transferring it onto another medium.

• Weaknesses: Requires access to surfaces touched by the target individual.
• Mitigation: Regular cleaning of frequently touched surfaces, using sensors that detect live skin properties (e.g., blood flow).

Cut and Paste Fingerprints: Combining parts of different fingerprints to create a new one.

• Weaknesses: Requires detailed knowledge of fingerprint patterns and access to high-resolution fingerprint images.
• Mitigation: Advanced algorithms that analyse the overall ridge flow and minutiae points (unique features) for inconsistencies.

Human Error/Circumvention: A human operator might be tricked into accepting a fake print or photo if they don’t follow proper procedures.

• Weaknesses: Lack of training, fatigue, coercion.
• Mitigation: Thorough background checks and ongoing training for operators. Automated systems with minimal human intervention are preferred. Dual authentication methods (e.g., fingerprint + PIN) add an extra layer of security.

Preventing Biometric Forgery

1. Multi-Factor Authentication: Combining biometrics with other forms of verification (PIN, password, token).
2. Liveness Detection: Ensuring the biometric data is coming from a live person.
3. Sensor Technology: Using advanced sensors that are difficult to spoof (capacitive, ultrasonic, multi-spectral imaging).
4. Regular Updates: Keeping software and algorithms up-to-date to counter new forgery techniques.
5. Secure Data Storage: Protecting biometric data from theft or misuse. Encryption is essential.
6. Human Oversight & Training: Properly training personnel involved in biometric data capture and verification.