This hacking method defines keeping it simple. Sort of. In the past, most thought you would have to lift prints from a touchscreen to copy a user’s fingerprints. Granted, everyone’s smartphone is CSI’s dream. Smudges and prints everywhere.
Unfortunately, it’s even easier for hackers. They just need a high quality camera and a bit of luck. At a Chaos Computer Club presentation, Jan Krissler demonstrated you need a few high quality photos on their hand to reproduce fingerprints.
Using off-the-shelf software such as VeriFinger, the computer club was able to replicate a target’s fingerprints. In this case, they demonstrated reproducing the German Defense Minister’s thumbprint. This was obtained from a series of photos from a recent press conference.
Before we have the collective CNN-style freakout, there are some serious caveats to this. One, it doesn’t always work. It takes more than a few high quality images of a person’s hands. The easiest targets are celebrities and politicians, who have thousands of photos snapped of them.
Even then, have fun going through that archive. For the average person? Well, if you’re in line and someone has a Nikon DSLR pointed at your hand, you’re apt to say something or call the cops.
Two, they still need your phone. All that fingerprint work is for naught if the identity thief doesn’t have your phone. What’s the likelihood a Defense Minister is getting his/her phone stolen? About as likely as the thief getting access to it before it’s remote wiped.
And three. The practical danger of this is pretty limited. No one is going to get away with snapping pictures of your hand at Walmart. Then following you out to the parking lot to steal your phone. There’s easier ways to steal your identity. Seeing as online e-commerce is slow on patching vulnerabilities, just wholesale hacking Staples is easier than stealing 1000s of thumbprints.
Still, it’s an interesting presentation. Fox thanks you for their next plot point of 24.