http://www.theregister.co.uk/content/55/25400.html
Have biometric systems developed to the point where theycould be a viable alternative to passwords and PINs? The answer is a resounding "nein", according to comprehensive tests of 11 consumer-orientated biometric products by German technology magazine c't The results are timely - the biometric security (which includes enterprise products outside the scope of the test) market will be worth more than E500 million euro this year, according to industry estimates. c't looked at a variety of fingerprint scanners and Webcam sensors designed to identify users by either iris scans or facial recognition. Contrary to the marketing claims of developers, c't found that the devices were "more of the nature of toys than of serious security measures". c't gave biometrics a resounding thumbs down, after fooling a large number of devices with simple tricks and finding some unusable. In its attempts at outfoxing the protective programs and devices, c't concentrated on deceiving the systems with the aid of simple procedures (such as the reactivation of latent images) and forgeries, such as silicon fingerprints. It also achieved some success in eavesdropping on the communication (via the USB port) between a computer and the sensor and using this information in replay attacks to fool recognition systems. It didn't try to hack into biometric data directly, though this might be another fruitful avenue of attack.
