
Politician's fingerprint 'cloned from photos' by hacker - Libertatea
http://www.bbc.com/news/technology-30623611
======
HackinOut
Yesterday's HN discussion about this:
[https://news.ycombinator.com/item?id=8806394](https://news.ycombinator.com/item?id=8806394)

------
jelder
Krissler is providing a huge service here. It's a great illustration of the
fact that fingerprints and other biometrics are analogous to _usernames_ and
are completely unlike passwords.

It's like Apple and other biometric device purveyors are telling us all to
just log in with our username and a blank password. At the moment we're all
scrawling our passwords on every surface of every room we enter.

~~~
objclxt
Well, it's a little different, because as far as I can tell he has
reconstructed a 2D image of the fingerprint, but not used that fingerprint
successfully for any authentication system.

~~~
glesica
I'm not sure that is accurate...

"As an example, he demonstrated how he could use his fake fingerprint to
unlock his iPhone — that features a ‘Touch ID’ fingerprint sensor integrated
into its home button."

[http://www.iphonehacks.com/2014/12/hackers-reproduce-fingerp...](http://www.iphonehacks.com/2014/12/hackers-reproduce-fingerprints-german-defense-minister-public-photos.html)

It isn't entirely clear which fake fingerprint was used. I guess we should
probably watch the CCC talk.

~~~
carlosrg
> It isn't entirely clear which fake fingerprint was used.

Obviously his own fingerprint. He doesn't have access to the German Defense
Minister's iPhone to test the real one (assuming the Defense Minister uses an
iPhone and has Touch ID configured).

~~~
glesica
Hehe well obviously not hers. What I meant was that it wasn't clear how he
built the fake fingerprint he tested, whether he used the exact same method he
used to construct the defense minister's fingerprint, or whether he "cheated"
to make it easier on himself.

~~~
carlosrg
Ah haha, sorry, I misunderstood you. Yes, definitely the details of this are
fundamental to know if this could work in non-ideal conditions - it's not the
same to take a high-res photo of only your finger with good lighting as to use
publicly available, normal photos.

~~~
glesica
Agreed, you worded it much more clearly than I did :)

------
mkal_tsr
I think Taylor Swift said it best,

Remember: Fingerprint locks are convenient, but they discard your ability to
"forget" or refuse to unlock a device. They remove consent.

[ source -
[https://twitter.com/SwiftOnSecurity](https://twitter.com/SwiftOnSecurity) /
[https://imgur.com/a/1PDRJ](https://imgur.com/a/1PDRJ) ]

Can anyone intent on downvoting explain what is factually wrong or misleading
about the quote in the picture? Just because it's on a picture doesn't make it
less valid.

~~~
calvin_c
If the subject you'd like to bring to discussion is the quote, post the quote.
If you want to bring up a humorous Twitter account dealing with security
concerns, post the Twitter account. Reposting a meme posted by that account
doesn't serve either purpose very well.

~~~
patal
If the subject you'd like to bring to discussion is no humour on HN, post no
humour on HN. If you want to bring up your confusion about how Taylor Swift
and security go together, just say so. Gruntling away in your post doesn't
serve either purpose very well. You're being mean to parent.

------
digisth
For systems using biometric auth, wouldn't the next step be to make it
multi-factor biometrics (i.e., obtaining a confidence value based on the
combination of fingerprint, face, vein pattern, gait, voice, etc.) rather than
the simple one-to-one matching systems we use for it now?

~~~
Retric
You're far better off simply supervising people while collecting biometrics.
Think, guard at the door while you walk into a facility who compares your
photo in their system with what you look like vs. fingerprint reader at a
workstation.

Granted, they're also useful for limiting casual access. Think kid/roommate
using someone else's work laptop vs. a dedicated hacking attempt.

------
xexers
I wonder how well this technique would work with the keys to your house...
based on say 50 photos of you with your keys dangling, could you reconstruct
the key and then 3d print it?

~~~
lt
This is well available today. For example, there's an app for that:

[https://keysduplicated.com/](https://keysduplicated.com/)

------
learnstats2
Are Samsung and Apple really the most important aspect of this issue?

People are convicted of crimes on the strength of their fingerprint.

~~~
HackinOut
Testimonies can by themselves end up in a conviction. I am not sure this is
comparable. When a crime is committed any evidence is welcome to try and solve
it. Investigators are not "choosing" their type of evidence like you can
choose a type of digital protection.

~~~
anigbrowl
I think his point is that you could frame someone using this method. Juries
tend to give lots of weight to forensic evidence, often more than is
scientifically justified. If you hear 'his fingerprints were found on the
murder weapon' then for most people that is more than enough.

------
adityab
Link to talk video:
[http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_...](http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug.html#video)

