Establishing Digital Trust: Don't Sacrifice Security for Convenience
Hacker Jan Krissler, a.k.a. "Starbug," recently claimed to have reproduced a politician's thumbprint from photographs taken at a public event, according to VentureBeat.
Back in September 2013, Krissler demonstrated how a fake fingerprint, created from a fingerprint left on a polished surface like a glass or a smartphone, could be used to unlock an iPhone 5S secured with Touch ID fingerprint security.
"As we have said now for more than years, fingerprints should not be used to secure anything," Krissler said at the time. "You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
In an interview with Ars Technica at the time, Krissler said iPhone users "should only consider [Touch ID] an increase in convenience and not security."
"The problem with your fingerprints is that you leave them everywhere," Krissler added. "It's akin to writing your password on a Post-it Note and leaving it everywhere you go."
On December 27, 2014, at the 31st Chaos Communication Congress in Hamburg, Germany, Krissler demonstrated how photographs of German Defense Minister Ursula von der Leyen, taken at public events with a basic camera, could also be used to create a fake thumbprint.
Krissler used photographs of von der Leyen taken from different angles, along with a close-up photo of von der Leyen's thumb taken at a news conference in October 2014, to create the thumbprint.
"After this talk, politicians will presumably wear gloves when talking in public," Krissler said.
"People are starting to look for things where the biometric is alive -- vein recognition in fingers, gait analysis," Woodward said.
"They are also biometrics, but they are chosen because the person has to be in possession of them and exhibiting them in real life," he added.
"It's possible that smaller, more portable versions will be with us soon, facilitating the uptake of vein scanning in the consumer space, but as the finger needs to be inserted into the machine, the reader isn't going to be as small as current smartphone print readers," Sophos' John Hawes noted at the time.