The vulnerability of the "thumb": I hack your finger on the photo

Biometrics is gaining momentum

Russia is discussing the creation of a National Biometric Center with a database of 100-150 million records. A draft law on mandatory biometric registration has already been submitted to the State Duma. On Habré they write about the results of testing algorithms of biometric companies and try to find out who is better: password or biometrics . Even Mastercard issues a payment card with a fingerprint scanner and VISA too .

Hackers mischievously rub their hands

And stocked up with high-resolution cameras and liquid silicone. Now it is not necessary to cut off the fingers , you can do them yourself.
')
About how to "hack on a photo" the first woman in the post of Minister of Defense of Germany, read under the cut.


Even children can get around biometrics (I hope that the man is alive and just sleeping)

A year ago, German hackers showed how to hack smartphones with biometrics

Video about how to hack smartphone biometrics system:



And here is how fat traces were scanned from a smartphone and a finger was made. Visual aid for those who want to repeat the experiment:



In the comments wrote (@maeris):

In case someone didn’t quite understand from the German video what was happening:

1. we scan or photograph a print;
2. translate in monochrome: the protrusions are white, the pits are black;
3. print on a laser printer on photo paper (experts already smelled LUT, yes);
4. iron ironing textolite printout to transfer toner;
5. wash paper with water;
6. poison with ferric chloride;
7. we grease with a thin layer of some fat that rubber has departed easily;
8. apply liquid rubber (silicone putty for crevices, whatever);
9. after hardening, we get our finger.

The protrusions in the picture should be white, because on the PCB they mark the areas that need to be etched, i.e. will be dimpled, and after applying the rubber will be back protrusions.

Demonstration of authorization with an artificial finger on 31c3 :





There are prints everywhere, but they are not needed by and large, you can simply take a picture or google, which the Germans clearly showed this year

And this year

The hacker in a cheeky sweatshirt (they even wrote about him in the newspaper), Jan Krissler, used the available programs and a couple of shots of the Minister of Defense's hand. He himself made the main part of them with an ordinary camera from a distance of about three meters during one of the press conferences. Additional images he received from high-resolution videos, in which the hand of Ursula was shown in close-up from different angles.

Using the VeriFinger program, the hacker performed filtering and automatic matching of the image reference nodes. This is how the digital copy of the finger turned out.

Ursula Gertrude von der Layen (born October 8, 1958) - German politician, Minister for Family Affairs (2005–2009), Minister of Labor and Social Affairs (2009-2013), Minister of Defense (since 2013). The first woman as Minister of Defense of Germany.




Ursula von der leyen

Precautionary measures

“I trust my password much more than a fingerprint or retina scan,” says Starbug
“Probably, in the future, politicians will appear in public only in gloves,” Starbug joked at the end of his speech.

I will crack you in the eyes

PS
Speech Starbug with English translation: