After Hacker Clones Politician’s Fingerprint, Can We Trust Biometric Security?

German politician and defense minister Ursula von der Leyen has recently been hacked, but it was not her computer or smart phone that was targeted; it was her finger.

Jan Krissler, a member of the largest hacking organization of all of Europe, Choas Computer Club (CCC), claims to have cloned Ms. von der Leyen’s fingerprint. Krissler did not have any actual physical model of the fingerprint to go by. He says that he simply used a standard photo camera. Using the close up of Ms. von der Leyen’s finger and the print, plus photos at additional angles, Krissler was able to replicate her fingerprint. The skilled hacker revealed details of his technique during a hacking convention in Hamburg.

Due to this latest security breach, Mr. Krissler is also suggesting that all politicians should wear gloves while speaking or appearing in public going forward.

While fingerprint identification devices (like on Apple or Samsung devices) are not thought of as being very secure, they were used to identify voters at the Brazil presidential elections. Fingerprints are also often used similarly to keys in order to unlock data from electronics, to gain access to secure spaces, for identification purposes, in military and political outlets, and in many more technological settings. Lately, this technology has even been used in smart-door-locks to replace metal keys that gain you access into your home.

Professor and cyber security expert Alan Woodward of Surrey University in the U.K. says, “Biometrics that rely on static information like face recognition or fingerprints – it’s not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked.”

All of this is having us wonder if this type of technology will be phased out in the future.

However, Professor Woodward does explain that due to the weakness in this type of security software, and the fact that they can be hacked into similarly to Krissler’s method, there are smart changes being made to the way that these biometric devices operate. Woodward explains that people are focusing on the biometric to act “alive” — such as with vein recognition, analyzing gait and motion, and other features — in which the biometric would exhibit a person in real life.

In fact, in September of this year, the banking conglomerate Barclay’s began implementing finger vein recognition for its business customers, adding an additional level of security for their commercial clientele. Other countries, such as Japan and Poland, also use this fingerprint method at their ATM or cash machines. If the technology is easily infiltrated, does that mean that taking a photo of someone and cloning their fingerprint is the same as having their ATM PIN number?

This hack is not completely or necessarily unique to Krissler and the CCC. Back in 2006 on the Discovery Channel television show Mythbusters, Adam Savage and Jamie Hyneman were able to create a prosthetic fingerprint, add a pulse to it, and unlock a secure door that had a biometric lock. During the episode, entitled Fingerprint Lock, they were able to copy the print using latex and lick the fake print in order to mimic sweat; the fingerprint scanner was totally fooled. They had also used ballistics gel to make a print, and that worked as well.

Between banks, hospitals, money withdrawal machines, political or military use, it seems like a person’s fingerprint must be safeguarded when using a biometric-type locking system the same way that a password would be. Politicians having to wear gloves all of the time seems like an inconvenience to say the least, and may even be improbable.

What do you think? Should we all start to wear gloves in public to ensure hackers do not steal our identities and gain access to our protected space just by using a simple photograph?

Photo Credit: Thinkstock

62 comments

Jim Ven
Jim V3 years ago

thanks for the article.

SEND
Angela K.
Angela K4 years ago

Thanks for sharing

SEND
Ana MESNER
Ana MESNER4 years ago

Thank you for posting.

SEND
Leanne B.
Leanne B4 years ago

A thief will always find a way!

SEND
Jennifer H.
Jennifer H4 years ago

This is scary when you consider what they can actually do. Nothing is safe. It is like Hal the computer decades back and Eagle Eye put together. There is nothing that can't be cloned, hacked, stolen.

SEND
Brandon Van Every
Brandon V4 years ago

Something more private, like genital prints? So many things wrong with that.

SEND
Karen H.
Karen H4 years ago

Heck, it's not just Jamie and Adam (Mythbusters) who did this; we've seen it in movies & TV shows for years.

SEND