Don’t Wave: Hacker Uses Online Photos to Replicate Fingerprints, Bypass Biometric Security

If you think the biometric security on your phone or front door are enough to keep your personal information or belongings safe, think again.

German hacker Jan Krissler, who operates under the handle Starbug, has demonstrated that a simple photograph posted online can be used to recreate your fingerprint using commonly available imaging software.

One expert has recreated the fingerprints of Germany’s Minister of Defence, Ursula von der Leyen, using just a photo of her.

The security researcher known as Starbug, used publicly available software called VeriFinger with photos of the finger taken from different angles.

Starbug, whose real name is Jan Krissler, told attendees of the Chaos Computer Club’s (CCC) 31st annual congress in Hamburg, Germany, how he achieved the hack.

Mr Krissler obtained a high-resolution photograph of the politician’s thumb using a ‘standard photo camera’ during a press conference.

He also used other ‘good quality’ photos of the politician, taken from a variety of angles.

From these images, he reconstructed an accurate thumbprint using the VeriFinger software.

This software is good enough, according to CCC, to fool fingerprint security systems.

‘These fingerprints could be used for biometric authentication,’ it wrote in a blog post.

Source: The Daily Mail

In this particular demonstration Krissler used several photos and ran them through a software application called Verifinger to recreate the minister’s fingerprint.

In the future, as biometric fingerprint technologies become more prevalent, such a hack could be even easier than stealing someone’s wallet. A simple wave of your hand to someone taking a picture and then posting it online could now become a major security threat and could be a boon to identity thieves. All that an unscrupulous individual would need is a picture of your fingerprint. With high resolution cameras now embedded on most smart phone devices photographs of a particular target could be downloaded directly from a social media page or an image sharing web site. Or, someone can simply snap a photo of your hand from a few feet away as you pass them on the street.

In a recent blog post, Starbug says that once replicated the copycat print can easily defeat biometric authentication:

The questionable validity of security claims by the vendors of fingerprint systems will be even more disputed after this presentation.

But how can you defeat such a simple method for stealing your identity?

Starbug provides a tried and true solution. “After this talk, politicians will presumably wear gloves when talking in public.”

Source:: ShtfPlan

Leave a Reply

Your email address will not be published. Required fields are marked *