Something of this magnitude can’t expected to have happened in past couple of years but now, according to a member of the Chaos Computer Club, which is a European hacker association (on the similar lines of Cult of the Dead Cow in the united states of America) it is possible.
They have successfully shown that it is quite possible to clone or reproduce anyone’s fingerprints. This clone can be used to break into anyone’s system, which is protected by the biometric fingerprint scanners. They just need the photo of someone’s fingers. According to the club, they do not need any close up photos; any photos with the celebrity waving the hands even from a far distance will do the trick.
Considering this case, the CCC was able to get their hands on the fingerprint of Germany’s defense minister Ursula von der Leyen through a photo, which was taken during a press conference. This could easily be considered as a security breach if the German government uses biometric access control systems.
The findings:
The findings were presented by Jan “Starbug” Krissler, the hacker at the Chaos communication congress. He was able to recreate the thumbprint of the minister by using a photo of the minister, which was taken at the press conference, and some other photos, which have take the picture of her thumb from multiple angles. He used one of the commercially available software called Verifinger Software.
Jan created a real world dummy by using this thumbprint. He started by printing it on a mask and then exposing the same to create a negative print on a substrate. Then he filled the negative with wood clue and created a new positive fingerprint. In case of testing, this technique can pose serious threat to Apple’s TouchID sensor and just in case the minister has Apple iphone then the company can seriously get her into trouble. By this, the company is hoping that the German government is not relying on fingerprints to control their military systems.
What is the drawback?
With the digital fingerprint readers becoming very common now and it is being on laptops to high-end expensive smartphones. The biggest problem with fingerprints is that they can give false positive, negative and even multiple readings of the same print and give out different results. Even though fingerprints are the best means of identification, still security and forensic communities are looking forwards towards more techniques that are reliable.
DNA sequencing is being considered a one of the best means of forensic identification, and vein matching and gait analysis are best options for control access. This technique is called living biometrics and as the name suggest it is only valid until the person is alive. This technique is already in use in Poland and Japan at some of their ATM’s.
If you are among the people who are using fingerprints for access control, it might be a good time to switch over to something more reliable.