German Hacker: Fingerprint Scans Can be Hacked

Fingerprint technology has long been hailed as the next great frontier in security features. Whether that’s because pretty much every spy movie includes a fingerprint scan scene, or because of all the hubbub over various tech companies like Apple releasing fingerprint technology for their new devices, it’s hard to tell. But for a long time a lot of us have believed that fingerprints are so unique that they would make for safe security features. Unfortunately, that may not actually be the case. According to a German hacker, it may be pretty simple to copy fingerprints…and all you need is a camera and some luck.

Hacker Jan Krissler (alias “Starbug”) of the hacking group Chaos Computer Club (CCC) in Hamburg, Germany, presented his fingerprint-stealing theory at a conference earlier this week. Krissler chose German Defense Minister Ursula von der Leyen as his example target. He used high resolution photographs that had been taken of von der Leyen–and he had a lot to choose from, given that she’s a pretty high profile figure in Germany. The photographs were all able to be zoomed in on to see her fingers. Then, using a readily available app called VeriFinger, he processed and reproduced her fingerprint.

CCC, which says that it’s the largest hacking group in Europe, has long tried to show how relatively unsafe fingerprint technology is. When Apple released the iPhone 5s last year with fingerprint scan technology included, CCC claimed that it was able to easily bypass Apple’s security system. Taking a photograph of a fingerprint and then making a wax-model of it allowed them to break into iPhones.

Krissler personally has long rallied against this technology that’s supposed to keep our devices and information safer. It’s not just fingerprint technology–he also has a serious problem with computers and other devices that unlock based on facial recognition, explaining that that kind of technology can be hacked by using a photo of a person. He also explained another probably less probable security concern with our current device mechanisms: “Reading a user’s PIN code from reflections in their pupils while taking selfies.”

The chances that these hacks are actually used in practice don’t seem very likely. I mean, how often do you have very high resolution photographs taken of your fingertips? Furthermore, in order to actually break into a technological device with a copy, you’d need said device.

This is not me saying that we all need to go off the grid and live in a cave to protect our information–I would fare horribly in a cave, as there probably aren’t many caves with good access to Netflix. However, I think the point that Krissler makes–that we rely too much on technology at face value–is a point well taken.

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.