Biometric security is being hailed as the ultimate protection against digital theft. But a group of ethical hackers have proven that even fingerprints can be easily forged using commercially available tools.
A speaker at the yearly conference of the Chaos Computer Club showed how relatively easy it was to fake fingerprints using only a few photographs. To prove his point, the speaker successfully copied the thumbprint of the German defense minister. Confident that he had “lifted” the fingerprints, Jan Krissler, also known by his alias “Starbug,” told a conference of hackers, he could now easily steal her identity via the most powerful of all protections currently being used.
Speaking at the 31st annual conference of the Chaos Computer Club in Hamburg, Krissler highlighted the dangers in relying on security technology, by virtually gaining access to fingerprints of German Defense Minister Ursula von der Leyen. Moreover, he assured he could lay his hands on anyone’s biometric markers — and without the victim ever “touching” an object. Krissler used commercially available software called VeriFinger to create an image of the minister’s fingerprint using several close-range photos in order to capture every angle.
Working with his fellow hacker Tobias Fiebig at the Technical University of Berlin, Krissler has been researching on ways to exploit vulnerabilities and weak-points of biometric security systems. Surprisingly, this isn’t the first time Krissler has been able to crack biometric security. Krissler pulled a similar stunt in 2008 with a fingerprint of then Interior Minister and current Finance Minister Wolfgang Schäuble.
Krissler strongly believes that any determined individual or a team can easily outsmart biometric security systems. There are systems that can use these prints or iris scans to verify identity. He even managed to fool a system that relies on the facial recognition algorithm to restrict access. A simple photograph of a person was enough to bypass the security. No wonder, last year Krissler made a comment about how he trusted his passwords far more than his fingerprints.
The Chaos Computer Club, or CCC, is the largest hacker organization in Europe which offers a platform to ethical hackers. The organization holds conferences where these hackers expose the vulnerabilities of security systems that are considered mainstream and standard.
Fingerprints and iris patterns are considered the ultimate form of security the world over. However, hackers already have tools readily available that can make small work of these biometric identity verification systems.
[Image Credit: Biometric Update]