Famous German hacker collective the Chaos Computer Club has revealed a method for capturing and using a fingerprint without ever having to touch the target, using nothing more than a standard digital camera.
Interest in fingerprints as a biometric authentication measure for electronic devices has never been higher. While early fingerprint scanning systems failed to take off commercially, Apple's TouchID system - integrated into its latest smartphone models - has proven popular, allowing the authorised owner to quickly unlock the handset while preventing others from accessing the device. Similar technology is also frequently used in military and governmental circles, despite evidence that it can be fooled using fake fingerprints formed from gelatin.
A talk this weekend from Jan 'Starbug' Krissler may make the more security-conscious users rethink fingerprints as a valid authentication measure, however. Part of the latest meeting of the Chaos Computer Club, Krissler's talk
revealed how it was possible to capture and reproduce a fingerprint at a high enough quality to fool commercial fingerprint scanning systems using nothing more than a series of images taken with an off-the-shelf digital camera.
Krissler's method works by taking close-up images of the target's finger at a public event using a telephoto lens. By capturing high-resolution images at various angles, a reproduction of the fingerprint good enough to fool commercial scanners can be produced - as proven by a demonstration involving the thumbprint of Ursula von der Leyen, the German defence minister. Compared to the traditional method of stealing an item the target has physically touched, Krissler's attack is considerably easier - 'after this talk, politicians will presumably wear gloves when talking in public,
' he joked.
Full details of the attack are available on the Chaos Computer Club