At the Chaos Computer Club an expert showed hot to bypass Fingerprint biometrics with a few photographs

A security expert at the conference of the Chaos Computer Club has shown how to bypass Fingerprint biometrics using only a few photographs.

Fingerprint biometrics are considered by many security experts, one of the most sophisticated authentication systems that combines security and ease of use. IT giant like Apple and Samsung are looking with great interest to the Fingerprint biometrics, both companies implement biometrics authentication for various functions available on their smartphone.

Is Fingerprint biometrics totally secure?

The German researcher Jan Krissler, aka Starbug, demonstrated at Germany’s Chaos Computer Club that also Fingerprint biometrics could be hacked.

The expert claims to have ‘copied’ the thumbprint of Germany’s Defense Minister Ursula von der Leyen from standard photos, he used a close-up image of the Minister and combined it with other photographs to compose the final print, using biometrics software called Verifinger.

 

In the past, other experts have violated the Fingerprint biometrics using copies obtained from a person who physically touched an object with a polished surface (i.e. glass).

“Hackers members of the Chaos Computer Club claim to have defeated Apple TouchID fingerprint sensor for the iPhone 5S, just after the start of its sale to the public. The Chaos Computer Club in Germany announced late Saturday to have successfully bypassed the biometric security on the Apple’s Touch ID fingerprint sensor by using materials that can be found in almost every household, it seems that they made it by photographing an iPhone user’s fingerprint from a glass surface and using that captured image to verify the user’s login credentials.” I wrote in a post in September 2013.

In April 2014, SRLabs researchers have published a video Proof of Concept on YouTube to demonstrate that they were able to bypass the fingerprint authentication mechanism implemented by Samsung Galaxy S5. The researchers demonstrated to gain unauthorized access just by using a lifted fingerprint with wood-glue based dummy finger.

This time Krissler showed how these it is possible to reach the same goal using a “standard photo camera.”

“Krissler said he used commercially available software called VeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.”  reported a post on venturebeat.com.

Starbug believes that after his presentation “politicians will presumably wear gloves when talking in public”, and probably he is right 😉

Fingerprint biometrics is still considerable secure, anyway, it is more secure of many other methods of authentication.

“The site comments, ‘Even if reproducing a fingerprint was a viable method for breaking into a system, be it a smartphone or a high-security vault, this news doesn’t mean that fingerprints are suddenly useless. Perfect security measures do not exist, and fingerprints definitely still have their place.” continues the VentureBeat.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Authentication, Fingerprint biometrics)

[adrotate banner=”13″]