Chaos Computer Club’s annual meeting in Hamburg, Germany had an unusual demonstration that showcased how fingerprints can be cloned from a standard-quality photo, eliminating the need of a physical imprint. Security researcher known as Starbug showed how he obtained photographs of Germany’s Minister of Defence, Ursula von der Leyen’s finger from various angles and reconstructed an accurate thumbprint using the publicly available VeriFinger software.
“In the past years, it was successfully demonstrated a number of times how easily fingerprints can be stolen from its owner if a person touched any object with a polished surface (like a glass or a smartphone),” Chaos Computer’s Club wrote on their blog. “This time new, sometimes surprising ways to gather biometrical attributes will be introduced. With this knowledge there will be no need to steal objects carrying the fingerprints anymore.”
Starbug’s new method of creating fingerprints using photographs testifies that anyone with the necessary skill could do the same without a physical print, and only with a standard phone-clicked photo.
At the event, after demonstrating the new hack, Starbug challenged Apple who claimed that their new iPhone with a fingerprint sensor was ‘much more secure than previous fingerprint technology’. He said, “As we have said now for more than years, fingerprints should not be used to secure anything.”
The hack puts serious questions on validity of security claims by the vendors of fingerprint systems. “After this talk, politicians will presumably wear gloves when talking in public,” said Starbug of the Chaos Computer Club (CCC).