German minister fingered as hacker 'steals' her thumbprint from a PHOTO
Merkel's iris print could be next
Security researchers claimed to have cloned the thumbprint of the German Defense Minister by photographing her hand at a press conference.
In a presentation at the annual Chaos Computer Club hacker gathering in Hamburg, Germany, biometrics specialist Jan Krisller – known in the community as "Starbug" – explained how he'd taken a variety of photographs of Ursula von der Leyen when she gave a press briefing in October.
Krisller used a lens with a focal length of 200mm and shot the snaps from six feet away, he said. He then used commercial fingerprint software from Verifinger to map out the contours of the Minister's thumbprint.
To get that into something that could be used on a biometric scanner, Krisller employed the same technique he demonstrated at the conference last year, where he successfully defeated Apple's TouchID fingerprint lock. The technique, first used in the Gummi Bear attack of 2002, employs digital photographs, flexible materials, and laser printers to create false fingerprints.
A quick reverse and then off to the printer
Krisller inverted the image of von der Leyen's finger and printed it out on a transparent sheet using as much toner as possible. He then poured a layer of latex milk or wood glue over the top, which, when lifted, captured a print that Krisller was able to use to unlock an iPhone.
The key question, however, is whether the thumbprint matches Minister von der Leyen's actual digit – and she's unlikely to offer herself up to check. Some of the geeks from Germany's Bundesamt für Verfassungsschutz security service might also want to pop around for a cup of coffee and a chat.
Angela would not be amused
Krisller said the research inspired him to look at other ways photography might be used to defeat biometric security – for example, to copy the iris print of German Chancellor Angela Merkel. Using high-resolution images from her election campaign materials, he said, it was possible to print out an image that might fool a basic iris scanner.
The entire presentation, with Q&A, is available online, but you'll need to speak German to appreciate it. ®
Sponsored: The Nuts and Bolts of Ransomware in 2016