Before touch identification-based security was introduced, most of our smartphones required only a passcode or a pattern to unlock. Now, after Apple introduced its Touch ID system, it seems more and more smartphone companies are integrating fingerprint-scanning technology to their models.
Fingerprints vary from person to person and do not change over time. On paper, they seem like the perfect verification tools; far more secure than any passcode could ever be… or are they?
A group of German hackers seem to think otherwise. Indeed, they have demonstrated a process in which they could lift off prints from a surface, recreate them on a flexible material, which they can then use to break into a phone or any fingerprint-scanning device.
Much more alarming, however, is a new method of stealing fingerprints discovered by a certain hacker who calls himself “Starbug“. Without needing to lift any fingerprints from surfaces, Starbug made use of a high-resolution image of the German Minister of Defense, and successfully created a working thumbprint. Starbug then used tracing paper to copy the print from the image, transferred it onto a plastic board, covered it with graphite, and used wood glue to produce the print. The materials he used cost him around $200. Check out the video of how it is done.
The very fact that Starbug was able to duplicate a fingerprint without any form of direct contact is a scary thought, but should that spell the end for fingerprint scanning-based security?
If anything, the hack just proves that we can’t treat fingerprints as replacements for passwords. Instead, biometrics system makers should treat fingerprint scanning as an “extra layer” of security, one that is used in combination with a passcode. We call this two-factor authentication. That way, it creates two barriers that work together to help create systems that are much more secure.