At a conference in Hamberg Germany this weekend, biometrics researcher Jan Krisller demonstrated how he spoofed a politician’s fingerprint using photos taken by a “standard photo camera.”
Krissler speculated that politicians might even want to “wear gloves when talking in public.”
The Chaos Computer Club, which put on the conference, and Krissler, who goes by Starbug, have demonstrated their ability to breach fingerprint sensors in the past. Shortly after the first Touch ID-equipped iPhone came out, the Chaos Computer Club was the first group to demonstrate that it is possible to beat Touch ID by creating a fake latex finger from a fingerprint left on glass or a smartphone screen.
Krissler claims he isolated German Defense Minister Ursula von der Leyen’s fingerprint from high-resolution photos taken during a public appearance in October using commercially available software called VeriFinger.
Although there are some advantages to a biometric access over traditional passwords — you can’t lose your fingerprint, and it can’t be phished — as the technology goes mainstream, it’s raising its own security issues. In addition to the spoofing problem, there’s a debate in the United States whether a law enforcement officer can compel you to unlock your device with your finger.
Most iOS devices now come with Touch ID, [company]Apple[/company]’s fingerprint security hardware. A recent Apple patent shows a way to beef up fingerprint reader security by adding a swipe motion.
Fingerprint readers aren’t standard on Android phones, but several devices already have them installed, and source code indicates that [company]Google[/company] has been working to add system-wide fingerprint scanning support.