Krissler said he used commercially available software calledVeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.
Friday, 19 August 2016
Touch ID hackers attempt to take things to next level, no need for physical fingerprint
The hacker who successfully used a fingerprint captured from an iPhone to fool Touch ID now believes it may be possible to perform the same hack without needing access to a physical fingerprint.Speaking at this year’s Chaos Computer Club convention, Jan Krissler – who uses the alias Starbug – demonstrated how a fingerprint can be generated from a series of ordinary photographs of someone’s finger …
VentureBeat reports that he demonstrated the capability by photographing the thumb of German Defense Minister Ursula von der Leyen, using this to generate a fingerprint …
It’s worth noting that at this point, Krissler has not yet demonstrated an ability to combine the two approaches by using a photographed fingerprint to fool Touch ID, and that even if he is able to do so, the attack method is non-trivial. Last year’s video demonstrating the approach showed that it required 30 hours of work to pull off the first time, and would likely take several hours subsequently.
As we noted last time, the hack requires a considerable amount of time, effort, skill and equipment, and is not something the average iPhone user need be too concerned about.
Tests performed using the hack showed that while it still worked on the iPhone 6, Apple had improvedboth the security and reliability of the sensor in the new models.
Hackers can steal your fingerprint from a PHOTO: Copycat print could be used by criminals to fool security systems
|Hackers have used photos to recreate the fingerprint (stock image) of a German politician|
Hackers have already proved they can bypass Apple's fingerprint scanner using a collection of household items to make a latex replica print.
And now, one expert has recreated the fingerprints of Germany’s Minister of Defence, Ursula von der Leyen, using just a photo of her.
The security researcher known as Starbug, used publicly available software called VeriFinger with photos of the finger taken from different angles.
Starbug, whose real name is Jan Krissler, told attendees of the Chaos Computer Club’s (CCC) 31st annual congress in Hamburg, Germany, how he achieved the hack.
Mr Krissler obtained a high-resolution photograph of the politician’s thumb using a ‘standard photo camera’ during a press conference.
He also used other 'good quality' photos of the politician, taken from a variety of angles.
From these images, he reconstructed an accurate thumbprint using the VeriFinger software.
This software is good enough, according to CCC, to fool fingerprint security systems.
‘These fingerprints could be used for biometric authentication,’ it wrote in a blog post.
Hackers have previously demonstrated how easily fingerprints can be stolen from an individual who has touched a shiny surface, such as a smartphone screen,
But CCC said that with ‘this knowledge there will be no need to steal objects carrying the fingerprints anymore,’ meaning that people could potential steal someone's fingerprint identity from photos posed on social networks, for example.
Starbug said: ‘After this talk, politicians will presumably wear gloves when talking in public.’
|One expert has recreated the fingerprints of Germany’s Minister of Defence, Ursula von der Leyen (stock image), using photos taken at a press conference. From these images, he reconstructed an accurate thumbprint using the VeriFinger software.This software is good enough to fool fingerprint security systems|
|A security researcher known as Starbug, used the publicly available software, plus a variety of photos of a finger taken from different angles to replicate the fingerprint. Starbug previously hacked Apple's iPhone 5S fingerprint sensor (pictured) just two days after the phone launched in 2013|
In September 2013, hackers from CCC used a photograph of a fingerprint on a glass surface, scanned it and then used a laser printer to print it onto a transparent sheet.
They then poured latex milk or white wood glue into the print pattern created by the toner onto a transparent sheet.
Once the glue had dried, they peeled off the thin latex sheet and pressed it on the scanner of the iPhone to unlock the handset, which launches two days earlier.
During the launch, Apple claimed the new iPhone with a fingerprint sensor was 'much more secure than previous fingerprint technology.'
At the time, Starbug said: 'As we have said now for more than years, fingerprints should not be used to secure anything.
'You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.'
CCC first published the steps taken to bypass fingerprint scanners in 2004 and they claim that it uses everyday household items - meaning anyone can do it.
In September 2013, hackers from CCC used a photograph of a fingerprint on a glass surface, scanned it and then used a laser printer to print it onto a transparent sheet to make a new print using wood glue. This technique relied on a print obtained from a glass surface (pictured) whereas the new one only needs photos
Security expert Graham Cluely said: 'It’s worth remembering that fingerprints are not secrets.
'You literally leave them lying around everywhere you go, and they could be picked up by others.
Relying on your fingerprints to secure a device may be okay for casual security – but you shouldn’t depend upon it if you have sensitive data you wish to protect.'