Friendly hackers have already shown us just how vulnerable biometric security measures like fingerprint sensors are to manipulation. Now, another has found a way to copy people’s fingerprints, using nothing but close up photos of their hands.
At the 31st annual Chaos Computer Club convention in Hamburg, Germany, Jan Krissler, aka Starbug, demonstrated how he was able to replicate the fingerprint of German Defense Minister Ursula von der Leyen with nothing more than photos of her hands and a software called VeriFinger. He used several photos taken three meters away from where Von der Leyen was standing during a public press conference to recreate her fingerprint. The photos were taken from several different angles with a 200er-Objektiv lens on a standard camera.
He then ran the images through VeriFnger’s software to form Von der Leyen’s full fingerprint. Krissler says other image-processing software can also be used, and that a camera with a sharp lens may not be necessary, if your phone has a good enough camera. While the print may not be 100 percent accurate, Krissler claims that it can be used to fool Touch ID on any iPhone as well as other devices with fingerprint sensors.
Of course, to get to that point, the hacker had to go through a few more steps to actually make the fingerprint physical. First, he inverted the colors of the photographed print, making the ridges of the fingerprint white and the grooves black. Then, he printed the image in black ink on standard paper. The ink leaves behind just enough texture for Krissler to make a 3D fingerprint. Krissler’s last step involves coating the fingerprint with glue or plaster to create a perfect mold of the print. The final mold can then be used to unlock the person’s iPhone with Touch ID or any other biometric-secured device.
Although Krissler’s process may sound complicated and time-intensive, malicious hackers could potentially exploit high-profile targets with the technique. The hacker even suggested that politicians wear gloves in the future to protect their fingerprints. Meanwhile, the average iPhone user likely has nothing to fear when it comes to Touch ID’s security.