Fingerprint scanners may be all the rage right now, thanks to the Apple iPhone and Samsung Galaxy devices. But the cool tech may have just hit a major snag. Hackers claim they can lift fingerprints from hi-res photos with fingers in the frame.
At the 31st annual Chaos Computer Club conference in Hamburg, Germany, Jan Krissler (aka “Starbug”) revealed to the European hacking group how he duplicated a thumbprint—and not just anyone’s. He duped the digit of German Defense Minister Ursula von der Leyen.
There’s no special equipment required. Krissler used a few high-resolution photos—with the pads of von der Leyen’s fingers showing at different angles—to cobble together a complete print. Given how good photographic technology has gotten, consumer- and prosumer-grade cameras could easily do the job. Add commercial software VeriFinger to the mix, and you’ve got a trick worthy of spy movies.
Given the rising interest in fingerprint authentication, the hacker jokes that now “politicians will presumably wear gloves when talking in public.”
For the rest of us, there’s no reason to fear using, say, TouchID-enabled Apple Pay, at least not yet. This sort of exploit requires a targeted effort around one specific subject. However, it does illustrate one thing: As new and innovative security practices and technologies emerge, hackers find new and creative ways to foil them.
That’s unsettling enough when our logins and emails get leaked. (Just ask Sony.) But biometric authentication, like retina and fingerprint scanning, adds a new dimension to security concerns. After all, passwords are easy to change. Fingers and eyeballs, not so much.
If you speak German and want to watch Krissler in action, check out the video below.
https://www.youtube.com/watch?v=pIY6k4gvQsY
Lead photo by Kārlis Dambrāns; other photos from YouTube video by Gefahren von Kameras für (biometrische) Authentifizierungsverfahren [31c3]