Saturday, January 10, 2015

Hackers Recreate Fingerprints Using Public Photos

Fingerprints – Means of Ascertaining Identity 

Fingerprints have been used as a means of ascertaining a person’s identity for quite some time since 1900 and for the past 10 years or so; it has begun to get fairly common in the form of digital fingerprint readers. It first showed up on expensive laptops and external peripherals in enterprise settings and recently on smartphones like the latest iPhones and the Galaxy S5.A recent cyber security convention in Hamburg, the `Chaos Computer Club’ demonstrated on how someone’s fingerprint could be used which was done by analysing photographs.

Fingerprints could be developed from smudges on windows and from other smooth surfaces. Earlier forgers used tapes, scanner or some plastic material and glue in order to build a fingerprint which could fool scanners. A member of Chaos Computer Club, a European hacker association, showed the possibility of reproducing someone’s fingerprint and probe into systems that were protected by biometric fingerprint scanners, by using a photo of the finger.

A snap or a photo of a celebrity waving their hand could be sufficient to implement this task. The member of the CCC managed to get hold of the fingerprint of Germany’s defence minister Ursula von der Leyen from a photo which was taken during a press conference, which if the German government would use biometric access control systems, could be a kind of security breach.

Hacker Create Fingerprint from Public Photos

Jan Starbug Krissler, the hacker, portrayed his findings at Chaos Communication Congress recently. With the photo of von der Leyen’s thumb gained from a press conference, somewhere in October, together with some other photos of her thumb from various angles, he managed to rebuild her thumbprint with the use of commercially available software – VeriFinger.

Thereafter he used the thumbprint to develop a real world dummy by printing it out on a mask and exposed the mask to create a negative of the print on a substrate. He then filled the negative with wood glue in order to create a positive fingerprint. On testing it showed that this technique could trick Apple’s TouchID sensor. According to Chaos Computer Club, it states that this is the first time a fingerprint has been deceived so far and the group leader, Starbug has informed that he was capable of creating a thumbprint of Ursula von der Leyen, the German Minister of Defence, from several of her news photos.

Need for Fingerprint Security Systems

Starbugobtained the print of the fingerprint from the photos on the tracing paper and then copied it to a plastic board. Thereafter he covered it in graphite making a dummy print by coating the plastic in wood glue. In one of the demonstration, the dummy print managed to trick Apple’s TouchID – APPL, Tech30 that controls Apple Pay.

A statement made by the group states that there would be no need to steal objects carrying the fingerprints anymore and after this talk, politicians would probably wear gloves henceforth while talking in public. The Club also states that the presentation needs the validity of fingerprint security systems and it would be difficult to do any useful thing with the German Defence Minister’s fingerprints though one could use the hacking method to intrude into a friend’s iPhone.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.