Biometric security is under the spotlight after a hacker claimed to have “cloned” the thumbprint of the German defence minister using nothing more than commercial software and a photograph.

The development, if proven, will worry experts already concerned at the security implications of using fingerprints for authentication purposes.

Cloned Fingerprint

The fingerprint claim was made by a member of the Chaos Computer Club (CCC) hacker network. According to the BBC, Jan Krissler said he replicated the fingerprint of German defence minister Ursula von der Leyen using high res pictures taken with a “standard photo camera”.

A YouTube video of his demonstration (in German) is available here.

Krissler is also known as Starbug and was speaking at a convention for members of the CCC. He reportedly said he had no physical print from von der Leyen, but has suggested that “politicians will presumably wear gloves when talking in public” after hearing about his research.

It is not known at this stage if he managed to produce an exact replicate of the German politician’s fingerprint.

Krissler claimed to have obtained a copy of von der Leyen’s fingerprint using a close-up photo of her thumb during a press conference. He also used other pictures taken at different angles to build up her fingerprint using software called VeriFinger.

Fingerprint identification is used as a security measure on a number of mobile handsets, but for years now experts have warned that fingerprints are not particularly secure.

Fingerprint Hacks

In September for example, mobile security firm Lookout warned that the iPhone 6 could be hacked with a fake fingerprint.

Lookout revealed how a fingerprint of the phone user from a glass surface was photographed – first with 2,400 dots per inch (dpi) resolution. The image was then tidied up, inverted and laser-printed at 1,200dpi onto a transparent sheet with a thick toner setting. Next, white woodglue was smeared into the pattern created by the toner on the sheet. Once set, the print was lifted from the sheet, breathed on to add some moisture, then placed onto the sensor to unlock the phone. Lookout’s recommendation is to introduce two-factor authentication.

And earlier in the year, ethical hackers showed how simple it was to bypass Samsung Galaxy S5 fingerprint authentication. The researchers from Security Research Labs (SRLabs) re-used a fingerprint mould from their exploitation of the Apple iPhone 5S in 2013, which required “no additional effort whatsoever”. The fake print was based on a camera phone photo “of an unprocessed latent print on a smartphone screen”.

“Biometrics that rely on static information like face recognition or fingerprints – it’s not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked,” cybersecurity expert Prof Alan Woodward from Surrey University was quoted by the BBC as saying.

“People are starting to look for things where the biometric is alive – vein recognition in fingers, gait [body motion] analysis – they are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life,” he reportedly said.

Love security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago