Chaos Computer Club Demonstrates How to Reproduce Fingerprints Using Public Photos

Monday December 29, 2014 2:14 AM PST by Richard Padilla
The Chaos Computer Club (CCC) claims that it can reproduce fingerprints to overcome security measures from simple photos of a user's fingers, reports VentureBeat. CCC member Jan "Starbug" Krissler presented his method for recreating a fingerprint at the group's annual convention in Hamburg, Germany over the weekend, as he generated the thumbprint of German Defense Minister Ursula von der Leyen by using a public photo and computer program VeriFinger.

cccfingerprint
Image credit: Gizmodo
Instead, he explained how fingerprints can be snatched from persons at public events by simply using a “standard photo camera.”

The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.
The CCC demonstrated last year how it could bypass Apple's Touch ID fingerprint sensor with a photo of the original user's fingerprint. The newest method presented by the group does not require a hacker to obtain a physical object to recreate the fingerprint, although Krissler notes that other security methods like facial recognition can also easily be fooled through similar means. The group and Krissler hope to highlight the potential exploits in newer technology, and also noted that additional security layers like passwords should also be activated to secure information properly.

87 comments


Top Rated Comments

(View all)
Avatar
Rud3Bwoy
60 months ago
This is why I scanned my toe print instead
Rating: 24 Votes
Avatar
LordDeath
60 months ago

What a pathetic and criminal waste of effort.


Why??

He is just showing the conceptional weaknesses of biometrical authentication. You are leaking this data everywhere without any control over it and unlike passwords you can't change your fingerprints or iris that easily.

Please have a look at: http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html

In my opinion it is very ethical to point out these issues to a broader audience.
Rating: 23 Votes
Avatar
silentmajority
60 months ago
Boy, are they going to be disappointed after they go through all that trouble to get access to my iPhone...
Rating: 14 Votes
Avatar
silentmajority
60 months ago
I understand what and why they are doing this, but the fact is that the TouchID works better than 4-digit password. I don't have the TouchID activated because I am expecting Fort Knox I have it activated to keep unwanted people (not necessarily nefarious people) from picking up my phone and texting, calling, snooping through my stuff without my knowledge or permission.

Now if someone were to steal it they would have to go through all the steps listed above before I notice my phone was stolen and before I use 'Find My iPhone' to disable it.

The security of your phone is dependent on more than just the TouchID.

The TouchID remains the best security on a mobile device that is currently on the market. It's not perfect. It's not hack proof, but it is the best.
Rating: 13 Votes
Avatar
Mike MA
60 months ago

What a pathetic and criminal waste of effort.


Well, they're basically pointing towards security issues and also consult in this area, they are not criminal or hackers.
Rating: 9 Votes
Avatar
Zxxv
60 months ago
The world gives us nice things and people spoil them with their dishonesty.

Honesty - The best security known to humankind
Rating: 6 Votes
Avatar
2457282
60 months ago
I think for most people this is not a problem - who is going to go to all the trouble of taking pictures of my fingers and creating a fake print to get into my phone? Now if I were someone well known, this could be a problem. Or if I were in trouble with the authorities they can use this to get into my phone.

I think this is important to undertand and look at as it validates the need for two factor authentication in some situations.
Rating: 5 Votes
Avatar
Rogifan
60 months ago
So did someone actually bypass Touch ID using a fingerprint from a smartphone camera? In order to do it on mine someone would need a photo of my thumb. Where are they getting that from? I don't take photos of my thumb and neither does anyone I know.

----------

I think for most people this is not a problem - who is going to go to all the trouble of taking pictures of my fingers and creating a fake print to get into my phone? Now if I were someone well known, this could be a problem. Or if I were in trouble with the authorities they can use this to get into my phone.

I think this is important to undertand and look at as it validates the need for two factor authentication in some situations.


Do we have an example of police or government agencies forcing someone to take photos of their fingers and then using those photos to create a fake fingerprint to get access to your device? Sounds like something tin-foil hat wearers would believe but never happen in real life.
Rating: 5 Votes
Avatar
chuloo
60 months ago
I always wear gloves when I sleep, in case some is trying to snap a photo of my thumb I'll notice.
Rating: 5 Votes
Avatar
mercuryjones
60 months ago
Ha! Fooled them. I used someone else's fingerprint as my unlock. Of course, everytime I want to unlock my phone, I have to track that person down, but at least "they" can't get into my phone with a picture of my fingerprint.
Rating: 4 Votes
[ Read All Comments ]