Hackers Can Steal/Reproduce Someone Else’s Fingerprints From Public Photos; Resolution Good Enough To Fool Most Fingerprint Security/Authentication Systems
Emil Protalinski. writing on the December 28. 2014 website, VB News, notes that The Computer Chaos Club, Europe’s largest association of hackers, claims it can reproduce someone’s fingerprints — from a couple of photos that show your fingers. At the 31st annual Computer Chaos Club Convention in Hamburg, Germany, Jan Krissler, also know by his alias — “Starbug,” explained how he copied the thumbprint of German Defense Minister Ursusla von der Leyen,” Mr. Protalinski wrote.
“We’ve seen before how fingerprints can be copied from a person who touched any object with a polished surface (like a glass, or a smartphone),” Mr/ Protalinski notes Krissler showed how these biometrical attributes can be snatched without having first to obtain the physical objects. Instead, he explained how fingerprints can be snatched from a persons at a public events by using a “standard photo camera.” Because these fingerprints can be used for biometric authentication, Starbug believes that after his talk, “politicians will presumably wear gloves when talking in public.”
Krissler claims he “used commercially available software, called — VeriFinger — to pull off the feat. The main source was the a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.” The resolution is good enough, The Computer Chaos Club warned, to fool [most] fingerprint authentication systems.
“If anyone can really use this method…as easily as described, it could potentially be a big blow to the use of fingerprints for [mobile devices and laptops] for security/authentication purposes. Nonetheless.” Mr. Protalinski says, “this is no reason to stop using them: It’s important to keep the findings in perspective. Even if reproducing a fingerprint was a viable method for breaking into a system, be it a smartphone, or a high-security vault, — this doesn’t mean that fingerprints are suddenly useless. They can be more secure than PIN codes in many cases, and can always be used in conjunction with them, or other types of passwords for multiple layers of security.”
Implications For The Intelligence Community, Law Enforcement, Military, Critical Infrastructure Protection
Obviously, this technique/method has implications for the U.S. Intelligence Community, both from a collection standpoint, as well as cover implications for our operatives. It seems more and more that it is becoming nearly impossible to keep someone undercover for very long anymore. Biometrics, identity management, DNA-shedding, Iris scanning, body scans at airports and elsewhere, our digital exhaust, and now this. This also makes protecting our critical infrastructure facilities more difficult — as a determined adversary has a myriad of methods, means, time, and resources needed to eventually get through the firewall — be they physical, or digital. V/R, RCP