30 December 2014

Fingerprint 'cloned from photos'


The BBC has an article by Zoe Kleinman about the latest surprising hack:
A member of the Chaos Computer Club (CCC) hacker network claims to have cloned a thumbprint of a German politician by using commercial software and images taken at a news conference.
Jan Krissler (photo) says he replicated the fingerprint of Defense Minister Ursula von der Leyen using pictures taken with a "standard photo camera". He had no physical print from von der Leyen. Fingerprint biometrics are already considered insecure, experts say.
Krissler, also known as Starbug, was speaking at a convention for members of the CCC, a thirty-year-old network that claims to be "Europe's largest association" of hackers.
He told the audience he had obtained a close-up of a photo of von der Leyen's thumb and had also used other pictures taken at different angles during a press event that the minister had spoken at in October of 2014.
Krissler has suggested that "politicians will presumably wear gloves when talking in public" after hearing about his research.
Fingerprint identification is used as a security measure on both Apple and Samsung devices, and was used to identify voters at polling stations in Brazil's presidential election this year, but it is not considered to be particularly secure, experts say.
"Biometrics that rely on static information like face recognition or fingerprints; it's not trivial to forge them, but most people have accepted that they are not a great form of security because they can be faked," says cybersecurity expert Professor Alan Woodward from Surrey University in the UK.
"People are starting to look for things where the biometric is alive - vein recognition in fingers, gait [body motion] analysis - they are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life."
In September of 2014, Barclays Bank introduced finger vein recognition for business customers; the technique is also used at cash machines in Japan and Poland. Electronics firm Hitachi manufactures a device that reads the unique pattern of veins inside a finger. It only works if the finger is attached to a living person. Trials in the intensive care unit at the UK's Southampton General Hospital in 2013 indicated that vein patterns are not affected by changes to blood pressure.
Rico says just what we did not need... (And can't these hackers put their considerable skills to work on something we do?)

No comments:

Post a Comment

No more Anonymous comments, sorry.