Hacker Copies Fingerprint from Public Photos

Europe’s largest hacker organization Chaos Computer Club (or CCC) notes a good reason why you should continually wear gloves (not just winter): anyone with a decent camera can reproduce your fingerprints. To demonstrate, CCC member Jan Krissler (alias Starbug) copied the thumbprint of German Defense Minister Ursula von der Leyen, then explained to the audience how he did it (via VentureBeat).

Biometric identity theft

The stunt took place in Hamburg, Germany at the 31st annual Chaos Computer Club Congress on Dec. 27, 2014. Starbug took the opportunity to demonstrate how professional cybercriminals can easily steal fingerprints from their owner without the need to obtain an object (such as a glass or smartphone) touched by the targeted person.

Since Apple uses biometrics — the fingerprint sensor incorporated into the Home button — to secure your iPhone (5s, 6 and 6 Plus) and iPad, and the stolen fingerprints can therefore be used for biometric authentication, Krissler’s discovery raises the red flag, and he considers that now, “politicians will presumably wear gloves when talking in public.”

To achieve the desired result, the hacker was using a publicly available program called VeriFinger. His main source was a close-up image of the defense minister’s thumb captured during a news conference this October. Nonetheless, he still required additional pictures to get a complete image of the fingerprint.

Bypassing Touch ID isn’t new: it was hacked shortly after Apple launched the iPhone 5s by the same hacker. However, back then Krissler used a photo of the original fingerprint obtained by capturing the object he previously touched.

Image credit: Gizmodo