Biometric Authentication at Risk: Hackers Can Recreate Your Fingerprints Through Photos

by Clay Michael Gillespie, January 6, 2015

If you have a few pictures of your hands showing your fingers on your Facebook, Twitter or Tumblr, one major group of hackers claims it can fully reproduce your fingerprints.

The group behind the project is Chaos Computer Club, also known as Europe’s largest hacker association. Jan Krissler, also known as “Starbug,” explained at their 31st annual convention how he copied the thumbprint of German Defense Minister Ursula von der Leyen. Working from a few photos of her fingers that he found from public events, Krissler recreated the thumbprint in full.

He used commercially available software called VeriFinger to recreate the thumbprint. Because fingerprints are often used for biometric authentication, Krissler believed that, following his speech, “politicians will presumably wear gloves when talking in public.”

The End of Biometric Authentication Before It Begins?

With passwords going by the wayside after increasingly being proven insecure, the internet is in search of a way to add another level of security. One of the proposed solutions is biometric authentication, combining thumbprints with mobile technology to log into everyday websites.

Whether or not it’s as easy as Krissler said to recreate fingerprints this way, the applications are still unknown. It’s common knowledge that hackers will continue to find ways around authentication methods as they get more and more sophisticated, but it takes time.

Passwords were never a perfect system, but they played their role for a time until the world found a way around them. Now with their major vulnerabilities exposed, a new technology needs to take over.

A vulnerability may have been found in biometric authentication, but not every hacker will be able to exploit it. The applications around the system still don’t exist, which leaves time for biometric authentication to take over from passwords.

Biometric authentication will continue to play its part until hacking becomes even more sophisticated and a new technology takes its place.

Images from Wikimedia Commons and Shutterstock.

  • Hitoshi Anatomi

    There is an even bigger loophole. Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords only.

    Whether static, behavioral or electromagnetic, biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. I would appreciate hearing if someone knows of a biometric product operated by (1). The users of such products must have been notified that, when falsely rejected by the biometric sensor with the devices finally locked, they would have to see the device reset. (It is the same with the biometrics operated without passwords altogether. Only in this case can it be claimed that biometrics are used as an alternative to the password.)

    Biometric products like Apple’s Touch ID are generally operated by (2) so that users can unlock the devices by passwords when falsely rejected by the biometric sensors. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y – xy) is necessarily larger than the vulnerability of a password (y), say, the devices with Touch ID and other biometric sensors are less secure than the devices protected only by a password.

    It is really worrying to see so many ICT people being indifferent to the difference between AND/conjunction and OR/disjunction when talking about “using two factors together”.
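
The arithmetic behind the comment above, written out as an added worked derivation that is not part of the original article or the comment. It assumes that x and y are read as probabilities that the biometric and the password, respectively, are defeated, and that the two are defeated independently:

\[
P_{\text{OR}} = 1 - (1 - x)(1 - y) = x + y - xy, \qquad P_{\text{OR}} - y = x(1 - y) \ge 0
\]

\[
P_{\text{AND}} = xy, \qquad y - P_{\text{AND}} = y(1 - x) \ge 0
\]

With constructed values x = 0.01 and y = 0.001, the OR policy (either factor unlocks) gives 0.01099 and the AND policy (both factors required) gives 0.00001, against 0.001 for the password alone.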