Politician’s fingerprint ‘cloned from photos’ by hacker

Source BBC

Hacker Jan Krissler claims to have cloned the fingerprint of a German politician using standard photographs taken at an event. A member of the Chaos Computer Club (CCC) hacker network claims to have cloned a thumbprint of a German politician by using commercial software and images taken at a news conference.

Jan Krissler says he replicated the fingerprint of defence minister Ursula von der Leyen using pictures taken with a « standard photo camera ». Mr Krissler had no physical print from Ms von der Leyen. Fingerprint biometrics are already considered insecure, experts say.Mr Krissler, also known as Starbug, was speaking at a convention for members of the CCC, a 31-year-old network that claims to be « Europe’s largest association » of hackers.

‘Wear gloves’

He told the audience he had obtained a close-up of a photo of Ms von der Leyen’s thumb and had also used other pictures taken at different angles during a press event that the minister had spoken at in October. Mr Krissler has suggested that « politicians will presumably wear gloves when talking in public » after hearing about his research. Fingerprint identification is used as a security measure on both Apple and Samsung devices, and was used to identify voters at polling stations in Brazil’s presidential election this year, but it is not considered to be particularly secure, experts say.

Living biometrics

« Biometrics that rely on static information like face recognition or fingerprints – it’s not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked, » says cybersecurity expert Prof Alan Woodward from Surrey University. « People are starting to look for things where the biometric is alive – vein recognition in fingers, gait [body motion] analysis – they are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life. »

In September this year Barclays bank introduced finger vein recognition for business customers, and the technique is also used at cash machines in Japan and Poland. Electronics firm Hitachi manufactures a device that reads the unique pattern of veins inside a finger. It only works if the finger is attached to a living person.

Trials in the intensive care unit at Southampton General Hospital in 2013 indicated that vein patterns are not affected by changes to blood pressure.