Fingerprint biometrics are entering the mainstream as a security measure, with both Apple and Samsung relying on biometrics to secure their flagship phones - but they may not be as secure as many believe, according to a German researcher.
Ubergizmo reports that a speaker at Germany’s Chaos Computer Club, Jan Krissler, claims to have ‘copied’ the thumbprint of Germany’s Defense Minister from standard photos, in machine-readable form.
Speaking at the 31st annual Chaos Computer Club, Krissler, alias Starbug, explained how he used a close-up image of Ursula von der Leyen’s thumb, combined with other photographs to assemble the print, using biometrics software called Verifinger.
Biometrics - as secure as we believe?
It is possible to lift prints from any object a person has touched, CCC says, but this demonstration shows that prints for public figures could, in theory, be reproduced from ordinary news photographs.
‘After this talk, politicians will presumably wear gloves when talking in public,’ said Starbug.
Any attacker using such a method would still have to have access to a machine which could fabricate a latex ‘fake’ fingerprint, and also to the biometrics device demanding authentication.
An outdated measure?
Venturebeat points out that regardless of the new technique, fingerprints are still more secure than some security measures, such as PIN codes.
The site comments, ‘Even if reproducing a fingerprint was a viable method for breaking into a system, be it a smartphone or a high-security vault, this news doesn’t mean that fingerprints are suddenly useless. Perfect security measures do not exist, and fingerprints definitely still have their place.’
In a previous report, The Register threw doubt on the idea that fingerprint authentication systems such as those used in Samsung’s Galaxy Note 4 and iPhone 6 were secure enough for government figures.
The site says, 'The trouble is, they're not terribly secure – at least, not by the standards of government work. Hackers demonstrated a way to fool the Galaxy S5's fingerprint scanner using a fake fingerprint made of wood glue four days after the phone launched,’ the site commented.