Biometric security is under the spotlight after a hacker claimed to have “cloned” the thumbprint of the German defence minister using nothing more than commercial software and a photograph.
The development, if proven, will worry experts already concerned at the security implications of using fingerprints for authentication purposes.
The fingerprint claim was made by a member of the Chaos Computer Club (CCC) hacker network. According to the BBC, Jan Krissler said he replicated the fingerprint of German defence minister Ursula von der Leyen using high-resolution pictures taken with a “standard photo camera”.
A YouTube video of his demonstration (in German) is available here.
It is not known at this stage if he managed to produce an exact replica of the German politician’s fingerprint.
Krissler claimed to have obtained a copy of von der Leyen’s fingerprint using a close-up photo of her thumb during a press conference. He also used other pictures taken at different angles to build up her fingerprint using software called VeriFinger.
Fingerprint identification is used as a security measure on a number of mobile handsets, but for years now experts have warned that fingerprints are not particularly secure.
In September, for example, mobile security firm Lookout warned that the iPhone 6 could be hacked with a fake fingerprint.
Lookout revealed how a fingerprint left by the phone user on a glass surface was first photographed at a resolution of 2,400 dots per inch (dpi). The image was then tidied up, inverted and laser-printed at 1,200dpi onto a transparent sheet with a thick toner setting. Next, white woodglue was smeared into the pattern created by the toner on the sheet. Once set, the print was lifted from the sheet, breathed on to add some moisture, then placed onto the sensor to unlock the phone. Lookout’s recommendation is to introduce two-factor authentication.
And earlier in the year, ethical hackers showed how simple it was to bypass Samsung Galaxy S5 fingerprint authentication. The researchers from Security Research Labs (SRLabs) re-used a fingerprint mould from their exploitation of the Apple iPhone 5S in 2013, which required “no additional effort whatsoever”. The fake print was based on a camera phone photo “of an unprocessed latent print on a smartphone screen”.
“Biometrics that rely on static information like face recognition or fingerprints – it’s not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked,” cybersecurity expert Prof Alan Woodward from Surrey University was quoted by the BBC as saying.
“People are starting to look for things where the biometric is alive – vein recognition in fingers, gait [body motion] analysis – they are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life,” he reportedly said.