A member of the Chaos Computer Club has shown how you can use photos to reconstruct a person's fingerprint — and to prove his point, he replicated the thumbprint of the German defense minister, Ursula von der Leyen.
For years, security experts have been warning about the inadequacies of fingerprint biometrics. It's a particularly worrying assessment, when you consider how many devices now rely on this technology. This point was driven home a few days ago by Jan Krissler, aka "Starbug," at the 31st annual conference of the Chaos Computer Club in Hamburg where he reproduced von der Leyen's thumbprint using a few photos and some software. DW reports:
Krissler explained that he didn't even need an object that von der Leyen had touched to create the copy. Using several close-range photos in order to capture every angle, Krissler used a commercially available software called VeriFinger to create an image of the minister's fingerprint.
Along with fellow hacker Tobias Fiebig, Krissler has been working at the Technical University of Berlin on research into weaknesses of biometric security systems. Krissler pulled a similar stunt in 2008 with a fingerprint of then interior minister and current Finance Minister Wolfgang Schäuble.
The photos of von der Leyen, which were taken at a conference in October, were captured by a regular camera.
"Biometrics that rely on static information like face recognition or fingerprints — it's not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked," noted cybersecurity expert Alan Woodward in a BBC article. "People are starting to look for things where the biometric is alive — vein recognition in fingers, gait [body motion] analysis — they are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life."
Top image: Starbug/CCC