Back in 2013, the hackers of Chaos Computer Club, Europe’s largest association of hackers, had demonstrated the blatant security flaws of biometric fingerprint scanners when they successfully unlocked an iPhone 5s using an artificial fingerprint reconstructed from a photograph of a fingerprint on a glass surface. Little more than a year later, Jan Krissler, also known by his alias “Starbug,” demonstrated at the 31st annual Chaos Computer Convention (December 28th) that skilled hackers can snatch these same biometrics from a mere photograph of your hand taken by a “standard photo camera” — no fingerprint on a polished surface necessary.
Krissler explained that he replicated the fingerprint of Ursula von der Leyen, the Defense Minister of Germany, using a close-up photograph of her thumb and a few other select photos taken from different angles during an October press conference. These images were then spliced together using a commercially available software called VeriFinger to produce a complete fingerprint capable of fooling biometric authenticators.
Following his presentation, Krissler half-jokingly suggested that politicians, such as von der Leyden (pictured above), should start wearing gloves when speaking publicly.
Over the last few years, fingerprint biometric technology has proliferated, securing not just Apple and Samsung devices, but also polling stations in foreign countries, padlocks, and more. The new findings are not expected to change this practice anytime soon, although security experts such as Professor Alan Woodward, from Surrey University, advocate that biometric security needs to expand beyond fingerprints and also look for signatures indicating where the biometric is alive, “vein recognition in fingers, gait [body motion] analysis – they are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life.” Barclays bank has already begun to do this, having introduced a vein recognition system in Japan and Poland. The system, manufactured by the Japanese electronics firm Hitachi manufactures, reads the unique pattern of veins inside a finger while verifying that finger is alive.
Source: BBC
Advertisement
Learn more about Electronic Products Digital
