티스토리 뷰

Articles

Hackers fakes German minister's fingerprints using photos of ther hands

af334 2015. 1. 6. 08:00

Jan Krissler used high resolution photos, including one from a government press office, to successfully recreate the fingerprints of Germany's defence minister


It's an old cliche of security researchers: fingerprints might appear more secure than passwords. But if your password gets stolen, you can change it to a new one; what happens when your fingerprint gets copied?


That's no longer an abstract fear: a speaker at the Chaos Communication Congress, an annual meeting of hackers in Germany, demonstrated his method for faking fingerprints using only a few high-definition photographs of his target, German defence minister Ursula von der Leyen


Jan Krissler, known in hacker circle as Starbug, used commercial software called VeriFinger and several close-range photos of von der Leyen, including one gleaned from a press release issued by her own office and another he took himself from three meters away, to reverse-engineer the fingerprint


"After this talk, politicians will presumably wear gloves when talking in public," he joked


Also reported at the conference was another security hole seemingly straight out of science-fiction: a so-called "corneal keylogger". The idea behind the attack is simple. A hacker may have access to a user's phone camera, but not anything else. How to go from there to stealing all their passwords?


One way, demonstrated on stage, is to read what they're typing by analysing photographs of the reflections in their eyes. Smartphone cameras, even front-facing ones, are now high-resolution enough that such an attack is possible


Starbug is no stranger to talking on biometric security. In a high profile stunt in 2013, he spoofed Apple's TouchID sensors within 24 hours of the release of the iPhone, he printed a dummy finger using wood glue and sprayable graphene, which successfully unlocked a phone registered to someone else's thumb


For that hack, he had to have physical access to the phone he stole the fingerprint from, in order to get a high resolution scan of the print. His latest demonstration suggests that it may be possible to unlock a phone using a fingerprint stolen without ever touching a person or their property -although actually getting hold of the phone is still needed for the last stage, of actually unlocking it


The increasing number of successful attacks against biometric identification has led to some security researchers advising that people change the way they think about security measures such as fingerprints and photo ID. Rather than treating them as a replacement for passwords, they should instead be used as a second factor of authentication, or even as something similar to a username: a publicly known piece of information which must be linked to a password before a user can log in.


As the ACLU's Jay Stanley told the Washington Post,"Biometrics are not secrets... Ideally, they're unique to each individual, but that's not the same thing as being a secret"



And Starbug agrees, telling Zeit in 2013 that "I consider my password is in my head, and if I'm careful when typing, I remain the only one who knows it"



I remain the only one

when typing

I consider my password is in my head

as being a secret

ideally, they're unique to each individual

biometrics are not secrets

must be linked to a password

a publicly known piece of information

similar to a username

they should instead be used as a second factor of authentication

rather than treating them as a replacement for passwords

has led to some security researchers advising that people change the way they think

about security measure

The increasing number of successful attacks against biometric identification

getting hold of the phone is still needed for the last stage, of actually unlocking it

without ever touching a person or their property

using a fingerprint stolen

in order to get a high resolution scan of the print

had to have physical access to the phone

unlocked a phone registered to someone else's thumb

sprayable graphene

he printed a dummy finger

of the release of the iPhone

he spoofed Apple's TouchID sensors

in a high profile stunt

is no stranger to talking on biometric security

are now high-resolution enough that such an attack is possible

even front-facing ones

How to go from there to stealing all their passwords

may have access to a user's phone camera

a so-called corneal keylogger

seemingly straight out of science-fiction

he joked

will presumably wear gloves

to reverse-engineer the fingerprint

took himself from three meters away

including one gleaned from a press release issued by her own office

several close-range photos

commercial software

known in hacker circle as Starbug

high-definition photographs of his target

demonstrated his method for faking fingerprints

that is no longer an abstract fear

gets copied

you can change it to a new one

gets stolen

fingerprints might appear more secure than passwords

an old cliche of security researchers

defence minister

high resolution photos




저작자표시 비영리 변경금지

'Articles' 카테고리의 다른 글

Tech companies and social networks need an ethics body to rebuild trust  (0) 2015.01.06
Mark Zukerberg asks Facebook users to suggest his personal challenge for 2015  (0) 2015.01.06
Streaming : the future of the music industry, or its nightmare?  (0) 2015.01.06
Study claims more than 80% of 'dark net' traffic is to child abuse sites  (0) 2015.01.05
Sony offers discounts after Christmas Playstation Network hack  (0) 2015.01.05
공유하기 링크
댓글
반응형
공지사항
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
링크
TAG
more
«   2025/04   »
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30
글 보관함