Breaking Fingerprint Security with Photographs

Wednesday, December 31, 2014
German Defense Minister Leyen speaks at press event where hacker Krissler photographed her hands (photo: Mehmet Kaman, Anadolu Agency/Getty Images)

Technology protected with safeguards based on fingerprint identifications won’t be protected for long, hackers in Europe claim.

 

Jan Krissler, a member of the hacker network known as the Chaos Computer Club (CCC), claims he managed to replicate the fingerprint of Germany’s defense minister, Ursula von der Leyen, using an ordinary camera and conventional computer software.

 

Speaking at a CCC convention in Hamburg, Krissler told club attendees that he took high-resolution photos of Leyen’s hands as she moved them while speaking at a press conference, then worked with the images on his computer to duplicate her fingerprints. This would allow him, he said, to hack into any of Leyen’s accounts protected by biometric scanners on any high-end smart phones she might own.

 

The hacker, who goes by the online name Starbug, admitted that his success may force politicians to wear gloves in public to avoid having their fingerprints stolen by hackers like him.

 

Experts agreed that using fingerprints as a security measure is not wise because they can be copied.

 

“Biometrics that rely on static information like face recognition or fingerprints – it’s not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked,” cybersecurity expert Prof Alan Woodward from Surrey University told the BBC News.

 

Well aware of the risks in using fingerprints, organizations such as Barclays Bank have been reaching beneath the skin’s surface to adopt a more foolproof means of security: Finger vein recognition, whereby a device reads the unique vein patterns inside a person’s finger. The technology is also being employed at ATM machines in Poland and Japan.

 

Krissler’s undertaking isn’t the first time the CCC has had a hand in swiping the fingerprints of German government officials. In March 2008, the group lifted the fingerprints of two-time Federal Minister of the Interior Wolfgang Schäuble and published them in its magazine, Datenschleuder (“data slingshot”).

 

Founded in Germany in 1981, the CCC considers itself to be “Europe’s largest association” of hackers.

- Danny Biederman, Noel Brinkerhoff

 

To Learn More:

Politician's Fingerprint 'Cloned from Photos' by Hacker (by Zoe Kleinman, BBC News)

Hacker Demonstrates How To Fake Fingerprint Sensors Using Regular Photographs (by Thomas Halleck, International Business Times)

Starbug: Ich sehe, also bin ich ... Du (YouTube, German)

Comments

Leave a comment

captcha