Touch ID
How secure are your fingerprints? According to German researchers, scammers can replicate them with a high-quality photo of your digits.
The Chaos Computer Club presented at the Chaos Communication Congress (31C3) this weekend, during which Jan Krissler (known online as Starbug) outlined how he reproduced the fingerprint of Ursula von der Leyen, Germany's Federal Minister of Defense. Basically, Krissler photographed the minister during a public presentation, and was able to get high-quality snaps of her fingers as she gesticulated during her talk.
Krissler then made a copy of those prints, which could presumably be used to gain access to anything protected by her biometric data, the BBC said.
"After this talk, politicians will presumably wear gloves when talking in public," Krissler boasted in a statement.
Of course, anyone who replicated the fingerprint of an official like von der Leyen would also need access to her device - a smartphone or PC, for example - in order to break in. So the hack is a bit labor-intensive for the average hacker just trying to gain access to the personal information of random targets. But if fingerprints are used for something like unlocking doors in the future, it could be problematic.
In his statement, however, Krissler said the discovery means people who do actually use fingerprint scams will no longer have to steal objects touched by their targets in order to lift prints. "In the past years, it was successfully demonstrated a number of times how easily fingerprints can be stolen from its owner if a person touched any object with a polished surface (like a glass or a smartphone)," he said.
This is not the first time Chaos Computer Club has targeted fingerprints. A week after the Apple iPhone 5s launched last year, the club successfully unlocked the device using a fake fingerprint. "This demonstrates—again—that fingerprint biometrics is unsuitable as [an] access control method and should be avoided," the group said at the time.
Earlier this year, meanwhile, researchers from Germany's Security Research Labs (SRLabs) revealed "how flaws in the implementation of fingerprint authentication in the Samsung Galaxy S5 expose users' devices, data, and even bank accounts to thieves and other attackers."
The news comes as more major phone makers - from Samsung to Apple - have added fingerprint scanners to their smartphones.