Fingerprint technology has long been hailed as the next great frontier in security features. Whether that’s because pretty much every spy movie includes a fingerprint scan scene, or because of all the hubbub over various tech companies like Apple releasing fingerprint technology for their new devices, it’s hard to tell. But for a long time a lot of us have believed that fingerprints are so unique that they would make for safe security features. Unfortunately, that may not actually be the case. According to a German hacker, it may be pretty simple to copy fingerprints…and all you need is a camera and some luck.

Hacker Jan Krissler (alias “Starbug”) of the hacking group Chaos Computer Club (CCC) in Hamburg, Germany, presented his fingerprint-stealing theory at a conference earlier this week. Krissler chose German Defense Minister Ursula von der Leyen as his example target. He used high resolution photographs that had been taken of von der Leyen–and he had a lot to choose from, given that she’s a pretty high profile figure in Germany. The photographs were all able to be zoomed in on to see her fingers. Then, using a readily available app called VeriFinger, he processed and reproduced her fingerprint.

CCC, which says that it’s the largest hacking group in Europe, has long tried to show how relatively unsafe fingerprint technology is. When Apple released the iPhone 5s last year with fingerprint scan technology included, CCC claimed that it was able to easily bypass Apple’s security system. Taking a photograph of a fingerprint and then making a wax-model of it allowed them to break into iPhones.

Krissler personally has long rallied against this technology that’s supposed to keep our devices and information safer. It’s not just fingerprint technology–he also has a serious problem with computers and other devices that unlock based on facial recognition, explaining that that kind of technology can be hacked by using a photo of a person. He also explained another probably less probable security concern with our current device mechanisms: “Reading a user’s PIN code from reflections in their pupils while taking selfies.”

The chances that these hacks are actually used in practice don’t seem very likely. I mean, how often do you have very high resolution photographs taken of your fingertips? Furthermore, in order to actually break into a technological device with a copy, you’d need said device.

This is not me saying that we all need to go off the grid and live in a cave to protect our information–I would fare horribly in a cave, as there probably aren’t many caves with good access to Netflix. However, I think the point that Krissler makes–that we rely too much on technology at face value–is a point well taken.

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post German Hacker: Fingerprint Scans Can be Hacked appeared first on Law Street.

For a long time fingerprints have been  the ubiquitous identifier. They allow us to solve crimes, track people, and as of recently, even unlock our iPhones. But what if there was something even more dependable than fingerprints? New developments in technology indicate that that’s the case — we’re now seeing the development of voiceprints.

Voiceprints — more scientifically known as voice biometrics — are as distinctive as fingerprints. Companies have begun taking advantage of voiceprints to provide an extra layer of security for their customers — after all, it’s possible to get someone’s password, but you can’t duplicate someone’s voice. Basically, there are two ways that voiceprints can be used — either you have a particular phrase that you say, like a password, or you give a long sample of your speech involving many different sounds, and then the computer program can recognize you. There are many different possible combinations for how this technology can be used.

John Buhl of Vanguard, a company that has really started making moves on voiceprint technology, stated:

We’ve done a lot of testing, and looked at siblings, even twins. Even people with colds, like I have today, we looked at that.

In addition to using voiceprints as possible password protection, banks and other companies that deal with secure information are taking voiceprints to help weed out fraud. They’re hoping to prevent criminals from making false calls authorizing payments.

Finally, law enforcement officials are also using voiceprints and other biometric data. In the United States, the police are able to use voiceprints to track people who are on parole. In other countries, the use of voiceprints has gotten even more extensive. The New Zealand government alone has amassed over one million voiceprints at this point.

This is yet another intersection of technology and privacy that is both fascinating and concerning. The databases that both private companies and the government are currently compiling of people’s voices are not regulated, and they’re growing fast. The Associated Press estimates that roughly 65 million voiceprints are being stored in some combination of private and government databases.

There are a lot of privacy concerns inherent in this issue. One is that it could rob people of anonymity in cases where they so desperately need it, such as anonymous tips or counseling services. People may be pushed away from calling say, a suicide hotline, because they are worried that their voice would be tracked back to them.

There’s also a concern over the fact that in general, corporations and governments are collecting way too much information on us. A privacy expert at the University of Pennsylvania, Professor Joseph Turow, stated:

Companies are using data drawn from our internet and purchasing [behavior] – and now our voices – and connecting it to the identities that they’ve created for us. Then they can lead us in a variety of different directions, based on their stereotype of us.

Because we often see technology progress more quickly than our laws governing it, the use and collection of voiceprints are essentially unsupervised. That right there is an important lesson to keep in mind — we have this great technology, but at some point we may need to question the uses for it. While I don’t think that voiceprints are going away anytime soon, activists’ concern may slow the progression of collection until we figure out exactly how we want to use this new resource.

—

Anneliese Mahoney (@AMahoney8672) is Lead Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

Featured image courtesy of [plantronicsgermany via Flickr]

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post Has Your Voiceprint Been Collected and Stored Without Your Knowledge? appeared first on Law Street.