Hacker Uses Photos to Copy Fingerprint: Hello, Identity Thieves
A speaker at the Chaos Computer Club annual conference showed how fingerprints of others can be copied using only a few pictures. As a demonstration, the speaker copied the thumbprint of Ursula von der Leyen, the Defense Minister of Germany.
"Starbug," who has the real name of Jan Krissler, revealed to attendees of the 31st year of the Chaos Computer Club conference in Hamburg, Germany, that he had copied the thumbprint of von der Leyen, in a statement that highlighted the potential dangers of entrusting protection to security technology.
In his speech, Krissler said that he did not require an object that was touched by von der Leyen to create the copy of her thumbprint. Krissler only used several pictures of the defense minister taken at close range and at different angles, and then ran through the pictures though VeriFinger, a piece of software that is available commercially. The result was a copy of the thumbprint of von der Leyen.
Krissler works with Tobias Fiebig, a fellow hacker, at the Technical University of Berlin for research into the weaknesses of security systems that utilize biometrics. Krissler demonstrated a similar feat back in 2008 when he copied the fingerprint of Wolfgang Schäuble, then the Interior Minister and now the Finance Minister of Germany.
With the demonstration, Krissler intends to show that companies using biometric systems should rethink their security options, as these systems that utilize fingerprints and iris scans can be tricked. Krissler provides additional examples of facial recognition software which is bypassed by a photograph of a person, as well as the ability of the fake fingerprints that he is able to make to fool the fingerprint sensor of an iPhone.
Krissler added that PIN codes of users can even be extracted from the reflection of the code in the pupils of users while they take selfies.
In a report by Spiegel Online last year, Krissler commented that he had more trust on his passwords compared to his own fingerprints.
The Chaos Computer Club is the biggest organization for hackers in Europe, and has been defending privacy for data along with drawing needed attention to potentially damaging security issues.
For their 31st annual convention, the motto is "A new dawn." According to Chaos Computer Club spokesperson Falk Garbsch, the motto relates to the need for a new beginning in security technology, especially amid revelations of the massive surveillance operations being conducted worldwide by Edward Snowden. The primary focus of this year's annual conference is security breaches in mobile communications.