A hacker says he managed to clone a thumbprint of Ursula von de Leyen, Germany’s Defense Minister, by simply using a “standard photo camera” and some commercial software. He claims he had no access to any physical print from Ms. Von der Leyen.
Jan Krissler, a member of the Chaos Computer Club (CCC), gave a talk (streamed via the internet) on Saturday evening explaining how he obtained fingerprints from people during public events. According to the CCC, these fingerprints could be used for biometric authentication, i.e. to open doors, access bank accounts, get into secure areas of buildings, retrieve confidential data, etc.
Mr. Krissler says he has put to bed any claims by vendors of fingerprint systems who say they are secure.
Analysts have demonstrated compellingly over the last few years how easy it is to steal fingerprint data by simply gathering prints from polished surfaces, like a glass or a smartphone. With a camera and some software, Krissler says one no longer needs to follow people around waiting to steal objects they touched.
Mr. Krissler, who is also known as Starbug, said:
“After this talk, politicians will presumably wear gloves when talking in public.”
All you need is for German Defense Minister Ms. von de Leyen to show her thumb, you take a few pictures, use a bit of software, and Hey Pretso …. you have cloned her fingerprint!
Mr. Krissler says he attended a press event where Ms. Von der Leyen had spoken. He took close-up pictures of her thumb and also used other photographs taken at various angles.
Chaos Computer Club claims to be the largest association of hackers in Europe. For the past three decades it has been providing information about technical and societal issues, including privacy, surveillance, freedom of information, data security, ‘hacktivism’, and other themes related to hacking.
According to CCC:
“As the most influential hacker collective in Europe we organize campaigns, events, lobbying and publications as well as anonymizing services and communication infrastructure. There are many hackerspaces in and around Germany which belong to or share a common bond to the CCC as stated in our hacker ethics.”
Mr. Kissler explaining how simple it is to clone a politician’s fingerprint.
Supposedly hi-tech heavyweights like Samsung and Apple use fingerprint identification for their devices. In Brazil’s last general elections it was used at polling stations, despite experts warning that it is not considered a secure way of protecting data or preventing hackers.