Friday03 February 2023

Simple photos of your fingers can be used to hack finger print scanners

Reading time is around minutes.

The concept of the fingerprint ID has been around for a long time and, for the most part, has been seen as a rather secure method of locking your things away. At least that is the way it is seen by the public. For most of the security crowd finger print ID as a security system have one major flaw in them, they are all little more than optical scanners. If you can fool the scanner, which does not do much more than compare one image to another, then you are in.

This is what hackers did when they broke Apple’s vaunted touch ID. They recreated a finger print from one left on a glass using high-resolution photography and were able to fool the sensor very easily. The downside to this method is that you would need access to something that was held by the target and that is capable of maintaining a good print. This makes this particular “hack” limited in scope.

As with all thing digital, technology continues to move forward and someone has found a way to recreate finger prints from pictures of a person’s fingers. This scary new technique was shown off by the CCC (Chaos Computer Club) at a recent show in Germany. Biometric security exert, Jan Krissler (Starbug) showed how this was done using off-the-shelf software and hardware.

During Kissler’s presentation he showed how recreation of a finger print was possible with access to images of someone’s hands. These images did need to be fairly high-resolution of course and you would need different angles to get a good starting point, but in the end you can get a working copy of a fingerprint with images found online or ones taken using a regular camera. The software used to recreate the print is called VeriFinger and is publicly available. So where does this latest news leave fingerprint id? Well pretty much where it has always been; a cool idea, but not what you want to bet your life on.

There is a big push to mitigate this type of attack though; Synaptics, Samsung, Apple and others are working to introduce safeguards into their products to detect forgeries. These steps include blur detection, pulse detection (and potentially matching) as well as increasing the resolution of the scanners to ensure god initial scans. Still there is much more to be done to make this form of authentication more secure… just like every other form of single factor authentication on the planet. Stay safe out there…

Tell us what you think in our Forum

Last modified on Monday, 29 December 2014 14:45

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.