Fingerbang!


Holy crap! Starbug cloned a fingerprint of Germany’s federal minister of defense, Ursula von der Leyen!

What’s that you say? Who’s Starbug and why von der Leyen? Excellent questions.

We all know that it’s just not safe out there on the interwebs and your stuff should never be considered ‘secure’. But remembering all those passwords suuuuuucks! And installing 1Password or similar on every freakin’ device you use is a draaaaaaag! You love your phone’s fingerprint scanner, right? Well, don’t breathe easy:

At the 31st annual Chaos Computer Conference in Hamburg, Germany, biometrics researcher Starbug, whose real name is Jan Krissler, explained that he used a close-up photo of Ms von der Leyen’s thumb that was taken with a ‘standard photo camera’ at a presentation in October, from 3 metres away from the official. He also used several other pictures of her thumb taken at different angles.

Yes, that’s right: Starbug cracked Apple’s Touch ID and now he’s stolen the minister’s fingerprints with a camera.

Main takeaway: biometrics aren’t all they’re cracked up to be… at least, in mainstream technology. Sure, if you fail your retina scan at a secure US military facility it’s backed up by violent people with awesome guns – that’s real security. However, out here in the normal world, it’s pretty unsettling that, as more and more of our personal information, thoughts, dreams and memories – stuff that was once quaintly considered private – make their way from our heads into the ‘cloud’ and our ubiquitous communication devices, they just aren’t safe.

What to do? Well, passwords aren’t so bad. They are if you don’t take sensible precautions, so make your passwords individual for each site/context and more than 14 characters, with no patterns or real words. This won’t make them uncrackable, but it means anyone trying to use brute force will likely move on to lower-hanging fruit. Even Starbug doesn’t mind the old password:

“I consider my password safer than my fingerprint… My password is in my head, and if I’m careful when typing, I remain the only one who knows it.”

Basically, it’s all about risk minimisation, being prudent, organised and sensible with your passwords… but I sense a future when it just becomes all too hard and we all just say “chip in the head it is then!”.
