Right now in Hamburg, Germany, the largest European hacker association, the Chaos Computer Club (CCC), is holding its 31st annual congress that's a four-day fest of all things hacking. Other than having a pretty rad name, CCC is well-known for detailing all the crazy (and sometimes scary) shit they can do. They've just added another one to the list.
On Saturday, security researcher and biometrics expert Jan Krissler, known as Starbug, detailed in an hour-long presentation (German) ( https://www.youtube.com/watch?v=pIY6k4gvQsY ) how he recreated German Defense Minister Ursula von der Leyen's fingerprints using only a "standard photo camera" and publicly available software called VeriFinger ( http://www.neurotechnology.com/verifinger.html ).
http://gizmodo.com/chaos-computer-club-says-they-can-hack-your-fingerprint-1675845311
(Score: 0) by Anonymous Coward on Monday December 29 2014, @06:54PM
That term is now abused and beat down into a meaningless syllable.
(Score: 3, Funny) by dyingtolive on Monday December 29 2014, @08:34PM
Go hack yourself.
Don't blame me, I voted for moose wang!
(Score: 0) by Anonymous Coward on Monday December 29 2014, @08:38PM
The NSA can get your fingerprints from examination of Angela Merkel's clitoris.
(Score: 3, Insightful) by terrab0t on Monday December 29 2014, @07:22PM
We should all have stopped using biometrics for identification long ago. We learned how to fake them long ago. For a fingerprint, you only have to pose as a restaurant's staff member long enough to clear the glasses from your target's table. You will leave a clear fingerprint on any flat, shiny surface you touch (door knob, touch screen, etc.).
Once someone develops the ability to imitate the biometric you are using it is useless to you because you cannot be issued a new one.
(Score: 2) by tibman on Monday December 29 2014, @08:16PM
It still seems like decent security. Normal locks for example can be picked by a skilled person (or unskilled if they have a pickgun thing or master key). Everyone knows locks can be defeated in minutes but we all still have the same locks. The difference is obviously that you can change your locks and not your fingerprints. Changing a lock will at least buy you another ten minutes of security : )
SN won't survive on lurkers alone. Write comments.
(Score: 0) by Anonymous Coward on Monday December 29 2014, @09:01PM
You're correct that biometrics are much better than a normal lock, or using a pin or password, but they are not secure enough for the serious stuff (which now includes all the crap we have access to from our computers and phones).
(Score: 2) by Freeman on Monday December 29 2014, @07:26PM
It is interesting that they were able to replicate a fingerprint and use it. Getting a good enough quality photo or several photos wouldn't be a trivial matter, but probably a bit easier and more hands off than other methods. Still, I don't see this as surprising news. It seems like someone was playing around with their smartphone's camera.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1) by Doctor on Monday December 29 2014, @08:49PM
I have experience with implementing a biometric security system (fingerprint) and I was very sorry afterwards. For twice as much money as a conventional card+PIN system, I got no better security (both are 2 factor authentication), much higher false reject rate (try to enroll the fingerprint of an old lady or someone who works with his hands) and then when I did a little research, I found it was laughably easy to defeat the fingerprint system in the first place. These things are what is called "Security Theater" -- they look all fancy, high tech and effective, but when you really look at it, yeah, not so much. What looks good in the movies doesn't translate to real life.
"Anybody remotely interesting is mad in some way." - The Doctor
(Score: 2) by VLM on Monday December 29 2014, @09:34PM
someone who works with his hands
A former employer did the security theater thing, except it was even worse, it was a hand geometry scanner.
The biggest problem can be demonstrated by walking over to the office fridge and looking at the outdated moldy filth your coworkers leave in there. The problem isn't specifically the filth in the fridge, its the mentality that cleanliness is just totally optional. Think of "that guy" who picks his nose in meetings and scratches his butt (not me, believe it or not). And the hand geometry scanner looked about like you'd expect having read the above. Possibly the most filthy object in the entire office building, even worse than my own mind. I think the inside of a gas station toilet bowl was more hygienic than that scanner. Pointed it out to a coworker and he takes a look and is all like "For our own sanity I think we're going to agree that's just chocolate frosting smeared over there" And I'm pretty sure I saw blood on it once. I will say management wasn't total a-holes for once and they provided hand wipe station next to the biometric scanner. But I always got the feeling I was dipping my hand in a bowl of turds every time I did the hand geometry scan.
(Score: 1) by Doctor on Tuesday December 30 2014, @12:00AM
Ewww! I'm glad I never used those (I always thought they were butt-ugly, but now I have a better reason).
"Anybody remotely interesting is mad in some way." - The Doctor