Europe’s largest hacker group claims it can defeat fingerprint-scanning security like Apple Pay’s TouchID with just a few photos that show a user’s fingers, according to VentureBeat.
At the 31st annual Chaos Computer Club convention in Hamburg, Germany, a hacker calling himself “Starbug” (real name: Jan Krissler) explained how he copied the thumbprint of German Defense Minister Ursula von der Leyen. While fingerprints are relatively easy to acquire from any polished surface, Krissler said he used a “standard photo camera” and commercially available software called VeriFinger to capture von der Leyen’s prints.
The main data source was a close-up picture of von der Leyen’s thumb obtained at a news conference in October, along with other photos taken from different angles to get an image of the complete fingerprint.
It’s not clear whether the new print-grabbing technique is a practical way of spoofing Apple Pay or other authentication systems, though Krissler suggested that after his presentation “politicians will presumably wear gloves when talking in public.”
But since the vast majority of non-cash payments currently use either an easily copied plastic card, a PIN that can easily be captured photographically, or card numbers that can be stolen electronically by the millions, fingerprint-by-photo is still far down the list of the easiest ways to hack a payments system.