Your fingerprint can be stolen by taking a photo

Your fingerprint can be stolen by taking a photo
© Getty Images

A skilled hacker can replicate someone’s fingerprint based solely on a medium-range picture of their thumb, a prominent cyber expert proved over the weekend.

Jan Krissler, a German member of the Chaos Computer Club hacking network, demonstrated at a conference in Hamburg this weekend that he was able to replicate the fingerprint of German Defense Minister Ursula von der Leyen by using a series of pictures of her finger taken with a “standard photo camera.” The pictures were taken at a public news conference from about 10 feet away.

ADVERTISEMENT

The demonstration could point to a short life for security measures that require biometric keys in order to unlock tech devices.

Apple’s Touch ID system, for instance, uses fingerprints as a type of password for new iPhones.

Krissler, who goes by the hacker alias Starbug, had previously cracked that system by using the smudge left by a fingerprint on a glass surface. The ability to copy someone’s fingerprint based solely on photos, however, would seem to make that security system even easier to bypass.

“Politicians will presumably wear gloves when talking in public," Krissler said before giving his demonstration.

The rise in thefts of people’s data from their devices and online storage has prompted many to look for new and better types of passcode systems that make it harder for hackers to easily guess their passwords.

The White House’s “cyber czar,” for instance, has called the current use of passwords “terrible” and has advocated for fingerprint scanners or facial recognition tools that could turn a selfie into a cyber key.

“All of those factors will be combined,” Michael Daniel said in October.

“I think there won’t be one solution for everything. I think there will be multiple different solutions.”

The use of biometrics instead of passwords has also raised tricky legal issues. Earlier this year, a circuit court ruled that police can force someone to give up their fingerprint — but not their password — in order to unlock a smartphone.