Chaos Computer Club (CCC), the largest hacker association in Europe, recently proved that biometric security technologies relying on fingerprint scanning are far from safe. Starbug, one of CCC’s most outstanding members and security researchers, revealed during the Chaos Computer Club’s 31st annual congress that he was able to copycat Germany’s Minister of Defense’s fingerprint using a few press photos and a publicly available software.
In 2013, CCC hackers have managed to bypass Apple’s fingerprint authentication systems using simple household appliances to make a latex replica of a thumbprint.
Jan Krissler, a.k.a. Starbug, used photos of Ursula von der Leyen’s finger taken from different angles during a press conference. He later edited these photos in VeriFinger app, a software designed for biometric system integrators.
Mr. Krissler said at the annual conference of hackers that he had attended a press conference and took a high resolution photo of Mrs. von der Leyen’s thumb using only a standard photo camera. Then, he compiled that photo with good quality photos provided by the press in the VeriFinger software and he was finally able to obtain an identical thumbprint.
The CCC community now warns that fingerprint security systems could easily get hacked by individuals with the necessary skills. Fake fingerprints could be used in fooling biometric authentication systems.
CCC hackers have previously showed how easily fingerprints could be stolen if they remain imprinted on a shiny surface such as a smartphone’s touchscreen. However, the new method to bypass fingerprint authentication is the first to use only a photograph of a finger.
CCC also said that this new found method could allow hackers remotely steal fingerprints with no need of stealing the electronic devices that carried the fingerprint’s trace. Hackers also warned that anybody could get their thumbprint stolen just by posting pertinent photos on a social network for instance.
Starbug found the situation very funny and said that after the CCC conference German politicians would certainly wear gloves during their press conferences. Starbug became notorious among his fellow hackers after he had managed to bypass iPhone 5 S’ fingerprint sensor just two days after the phone’s release date.
Starbug used a photo of a thumbprint left on a glass surface, scanned it and printed it with a laser printer onto a transparent sheet of paper. Afterwards, he poured wood glue on the printed fingerprint image and let it dry out. Once it had dried, Starbug peeled off the latex sheet and use it for authentication purposes on the iPhone’s fingerprint scanner. He was successful in unlocking the handset.
Before launching the iPhone 5S, Apple said that the newly integrated fingerprint sensor made the phone ‘much more secure than previous fingerprint technology.’
Starbug also said that people should not use fingerprints to secure anything since they leave them everywhere and it is far too easy to make fake fingers out of their traces.
Image Source: Privacy Data Systems