If you think the biometric security on your phone or front door are enough
to keep your personal information or belongings safe, think again.
German hacker Jan Krissler, who operates under the handle Starbug,
has demonstrated that a simple photograph posted online can be used to
recreate your fingerprint using commonly available imaging software.
One expert has recreated the fingerprints of Germany’s
Minister of Defence, Ursula von der Leyen, using just a photo of her.
The security researcher known as Starbug, used publicly available software
called VeriFinger with photos of the finger taken from different angles.
Starbug, whose real name is Jan Krissler, told attendees of the Chaos
Computer Club’s (CCC) 31st annual congress in Hamburg, Germany, how he
achieved the hack.
Mr Krissler obtained a high-resolution photograph of the politician’s
thumb using a ‘standard photo camera’ during a press conference.
He also used other ‘good quality’ photos of the politician, taken from a
variety of angles.
From these images, he reconstructed an accurate thumbprint using the VeriFinger
software.
This software is good enough, according to CCC, to fool fingerprint
security systems.
‘These fingerprints could be used for biometric authentication,’ it wrote
in a blog
post.
Source: The Daily Mail
In this particular demonstration Krissler used several photos and ran them
through a software application called Verifinger to recreate the minister’s
fingerprint.
In the future, as biometric fingerprint technologies become more
prevalent, such a hack could be even easier than stealing someone’s wallet. A
simple wave of your hand to someone taking a picture and then posting it
online could now become a major security threat and could be a boon to
identity thieves. All that an unscrupulous individual would need is a picture
of your fingerprint. With high resolution cameras now embedded on most smart
phone devices photographs of a particular target could be downloaded directly
from a social media page or an image sharing web site. Or, someone can simply
snap a photo of your hand from a few feet away as you pass them on the
street.
In a recent blog post, Starbug says that once replicated the copycat
print can easily defeat biometric authentication:
The questionable validity of security claims by the vendors of fingerprint
systems will be even more disputed after this presentation.
But how can you defeat such a simple method for stealing your identity?
Starbug provides a tried and true solution. “After this talk, politicians
will presumably wear gloves when talking in public.”