We have noticed you are using an ad blocker
To continue providing news and award winning journalism, we rely on advertising revenue.
To continue reading, please turn off your ad blocker or whitelist us.
A team of hackers have proved how a synthetic fingerprint can be created from public photographs of the target and used to unlock their smartphone -
The Chaos Computer Club, Europe's largest hacker association, used publicly available software VeriFinger to create an accurate thumbprint of German defence minister Ursula von der Leyen from photos taken of her at a press conference.
This could then be used to produce a synthetic finger to unlock a smartphone belonging to von der Leyen. Although this isn't the first time a smartphone fingerprint scanner, as used by the iPhone 6 and Samsung Galaxy S5, have been duped by a synthetic digit, previous hacks only worked with access to a fingerprint of the target, such as on a glass or the screen of the phone itself.
Revealed (YouTube video, in German) at the club's 31st annual convention in Hamburg, by member Jan Krissler - also known by his alias Starbug - the method highlights how biometric security shouldn't be seen as a sure-fire method of protecting a smartphone, computer or something like a high-security vault.
The CCC's method takes this step away, although obviously access to the phone is still required to break into it with the artificial thumb.
Last year, the CCC revealed that the Touch ID fingerprint scanner used by the iPhone 5s could be hacked with a synthetic print, and just two days after the iPhone 6 and 6 Plus went on sale this year, security researcher Marc Rogers found the new models are equally hackable.
"Sadly there has been little in the way of measurable improvement in the sensor between these two devices. Fake fingerprints created using my previous technique were able to readily fool both devices," Rogers said in a blog post, adding: "Furthermore there are no additional settings to help users tighten the security such as the ability to set a time out for TouchID after which a passcode must be entered."