The papillary ridges of our fingers define us as unique in the universe. That is why our fingerprints are being used more in the biometric security field; our finger conceals a password that is difficult to steal.
Computers and smartphones are already adopting this technology. The iPhone 6 and Samsung Galaxy S5 incorporate a fingerprint scanner so that you are the only one who can unlock your phone. With this system, you can supposedly rest easy in the knowledge that if your phone is stolen, the thief will be left flabbergasted when he realizes that he cannot access the valuable data stored on it.
However, we are sorry to tell you that there is a way of getting your fingerprint and don’t think that we are going to talk about amputating one of your limbs. A few photos of your finger can now be used to copy every tiniest detail of your fingerprint and impersonate you, as demonstrated by security expert Jan Krissler, alias “Starburg”, in a conference organized by the Chaos Computer Club, one of Europe’s largest hacker communities.
Last year, the Chaos Computer Club announced that it had managed to hack the iPhone 5S fingerprint scanner. Now, they have moved on from hacking the security of the device to hacking the security of a finger, without even needing to have physical contact.
Krissler explained that he had copied the fingerprint of German Defense Minister, Ursula von der Leyen, without needing an object that the politician had touched. All he needed was a few photos taken with a standard camera (one of them from her press office) to discover all of the data that the minister has in her fingerprint. In order to carry out the experiment, he combined various images showing von der Leyen’s finger from different angles.
This hacker used Verifinger, a commercial fingerprint identification software, to clone the minister’s thumbprint using the photos. A simple method for getting the fingerprint of anyone you want.
“After this talk, politicians will presumably wear gloves when talking in public,” said the hacker during the presentation. We do not know if the minister will be as happy about this cloning and will now be obsessed with hiding her hands in future public appearances.
Jan Krissler, who has researched weakness in biometric security systems at the Technical University of Berlin, demonstrated the effectiveness of his method during the conference. This is not the first time that the hacker has demonstrated that the famous biometric techniques, which base their security on unique features of our body (the fingerprint, retina, iris or facial features), are not as secure as we thought. This hacker reproduced in 2008 the fingerprint of the German Minister of the Interior at the time, now Minister of Finance, Wolfgang Schäuble.
According to Krissler, iris, facial and fingerprint scanners can be fooled easily. “I consider my password safer than my fingerprint… My password is in my head, and if I’m careful when typing, I remain the only one who knows it”.Â
Even our body is no longer a safe place if a hacker has the brilliant idea of copying our features. So, if you have an iPhone, perhaps the next time you use the fingerprint sensor, you will bear in mind that someone could copy your beautiful finger using a few Facebook pictures that show your fingers from different angles. However, you can rest more easily knowing that your data is not as interesting as that of a politician and no hacker is going to take the trouble to copy your fingerprint. Anyone who is not content with that does not want to be.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
