Chaos Computer Club hacker Jan Krissler, along with fellow hacker Tobias Fiebig, recently revealed that he has engineered a way to lift fingerprints using a simple digital camera. Fingerprints, unique and original, were regarded as the ideal tool for authentication behind retina scans. Krissler has repeatedly challenged that assertion. He successfully lifted a fingerprint last Saturday at the Chaos Communication Congress (31C3). In his demonstration at the conference, Krissler created a digital remake of Ursula von der Leyen’s finger using VeriFinger, a product that is readily available to the general public. Von der Leyen is Germany’s current Federal Minister of Defense.
In October, Krissler, known online as Starbug, had high-resolution pictures taken of von der Leyen’s fingers while standing nine feet away at a presentation. According to Krissler, he was unable to confirm that the federal defense minister’s fingerprint was accurate but remained confident that it was a functional reprint. Krissler told CNET that he reenacted the process using his own finger with the same camera at the same distance.
Von der Leyen’s office said in a comment that they were not aware of the presentation and declined further comment. According to the BBC, Krissler made copies of the prints and quite possibly had access to anything protected by her fingerprints.
The revelation brings the credibility of fingerprint scanners to the forefront. The scanners have been publicly available since the 1990s, but Apple’s move to add Touch ID to the iPhone 5S has raised the question about biometric scanners once more. HTC and Samsung quickly followed suit, adding their own biometric readers to select phones.
The scanner replaces the need to enter a pre-programmed code to unlock the smartphone or, in the case of Apple Pay, to verify a purchase. Several hackers came out after the Touch ID launch to prove the weakness of the readers using fake prints, but even those demonstrations required physical access to the print. With Krissler, that was no longer the case. Apple, Samsung, and Synaptics were unavailable for comment after this revelation.
Lifting a fingerprint with a digital camera is not the first time Krissler has attacked the efficacy of biometric scanners. When the iPhone 5S was released last year, he was the first person to show how to fool its system with a fake print made from wood glue. In 2008 he revealed a reprint of the fingerprint of Wolfgang Schaeuble, who was the interior minister for Germany at the time.
Frank Rieger, Chaos Computer Club spokesman, said that it was naïve to consider using something that is left everywhere and cannot be changed as a security tool. Researchers have since proven that Apple had not rectified the fake-print problem and that the iPhone 6 and 6 Plus were susceptible.
In his statement, Krissler noted that, with the help of a digital camera, criminals who lift prints for fingerprint scams for gain would no longer need to pilfer physical objects touched by the target. German researchers from Security Research Labs (SRLabs) acknowledged that the increased move to biometric authentication in smartphone technology exposed consumers to hacks and unauthorized entry more than it protected them.
By Stevenson Benoit
Photo by Bram Cymet – Flickr License