Hackers Say They Can Copy Your Fingerprint From Just a Photograph

Illustration for article titled Hackers Say They Can Copy Your Fingerprint From Just a Photograph

Right now in Hamburg, Germany, the largest European hacker association, the Chaos Computer Club (CCC), is holding its 31st annual congress that's a four-day fest of all things hacking. Other than having a pretty rad name, CCC is well-known for detailing all the crazy (and sometimes scary) shit they can do. They've just added another one to the list.


On Saturday, security researcher and biometrics expert Jan Krissler, known as Starbug, detailed in an hour-long presentation (German) how he recreated German Defense Minister Ursula von der Leyen's fingerprints using only a "standard photo camera" and publicly available software called VeriFinger.

Illustration for article titled Hackers Say They Can Copy Your Fingerprint From Just a Photograph

After obtaining a high-res image of von der Leyen's thumb during a press conference, and securing other photos taken from different angles, Krissler was able to reconstruct an accurate thumbprint using VeriFinger. CCC says the recreation can fool fingerprint-based security systems.

As VentureBeat points out, this doesn't completely denounce biometrics as a reliable form of security, but it does show a pretty big hole that can be exploited and really only stresses that fingerprint security, Touch ID or otherwise, should only be one layer to your secure digital life.

Regardless, Krissler does seem to have at least some advice for our world's leaders — wear gloves.

Image via Marko Poplasen/Shutterstock



Barry Wombleton

Sure it seems impressive, but:

1) To take the photo of ONE print is hard enough, but all 10? You don't ever know which digit is being used to unlock a device or bypass a security check point.

2) If you're wearing gloves in public or keep your palm side out of sight (i.e. palms down, hands in pockets, hands partially closed, etc.) then hacking the correct print becomes a much harder goal to obtain.

3) Starbug (really they couldn't come up with a better name?) was only able to personally take ONE photo of the minister's thumb. He then had to acquire several more photos to complete the hack. How many do you need? So only taking one clear shot won't do it.

Again with any media article it's all about sensationalism and stating that there's a "pretty big hole that can be exploited..." is misleading. Biometrics is still one of the more reliable methods of security for most people. Maybe another layer added to it wouldn't hurt those in a position of power, but TouchID and other fingerprint security methods are reliable.