Spy movies that feature uber clever hackers are a dime a dozen, and why not? Audiences love the suspense, the made-up technology, the funny jargon, and the pulse-raising music. However, it isn’t so entertaining when those hacks you see on the silver screen make their way into real life and have the potential to affect your data’s security.
A recent demonstration at a hacker’s conference in Germany is a case in point. A hacker showed off his skills by stealing the fingerprints of the German defense minister. How did he pull it off, and what are the implications of fingerprint and other biometric hacking for everyday folks?
A Masterful Hack
One of the reasons that people like fingerprint security is that, even though they know it is possible for someone to steal their fingerprints, the chances of that happening are slim because it takes close proximity to a target and some CSI-like skills to pull it off, right? Not necessarily.
Jan Krissler, known by the name Starbug in hacker circles, stole the German defense minister’s fingerprints using high-resolution photographs. CNN explains how Starbug and his group, Computer Chaos, pulled off the hack: “Starbug printed the fingerprint from the photos onto tracing paper, copied it onto a plastic board, covered it in graphite and made a dummy print by coating the plastic in wood glue.” The resulting dummy print could fool Apple’s TouchID.
As you can see, stealing fingerprints from afar isn’t a process that requires limitless resources. However, snatching biometric data isn’t something that most cyberspace bad guys are likely to try because the process takes patience and finesse.
Still, Starbug’s stunt may still have you scratching your head and wondering if your fingerprints — or the pattern of your iris or even your DNA — are safe from prying eyes.
The Troubles With Biometric Security
Everyone has signed up for an account on a website that says your password must have at least eight letters, one number, one special character, and maybe even the middle name of your great-great-grandfather.
Thus enters the appeal of biometric security. Your fingers and your eyes are always with you, meaning there is nothing for you to memorize and nothing for you to forget. On the flipside, however, you can change a password if it falls into the wrong hands. You can’t swap out your fingers for new ones.
That is only one of the pitfalls of biometric security. Facial recognition technology is advancing to the point where it may be able to pick you out of a crowd. If governments and businesses start to equip their surveillance cameras with such advanced tech, privacy could virtually become a thing of the past.
It gets even scarier. Once your biometric data goes into a computer and hits cyberspace, it becomes a ripe target for hackers.
Some methods of analyzing biometric data are fairly young, but the future implications for the use of such data are far-reaching. An attorney quoted in Scientific American points out, “Once you have somebody’s DNA, you have all sorts of very personal info. There is a lot of fear that people are going to start testing samples to look for a link between genes and propensity for crime.”
Because the use of biometric data for security is in the early stages of its popularity, the future holds a lot of questions that must be answered. But what about right now? What does it mean that smart hackers can steal your fingerprints from afar?
The Impact on Data Security
Maybe the browser on your phone remembers your password for your banking website and your favorite shopping websites that have your credit card information.
It is a convenient way to get quick access on your mobile device, but having those things so easy to get to means that if your phone falls into the wrong hands, you are at risk for identity theft, even if you unlock your phone by means of your fingerprint.
Starbug and Computer Chaos spend a lot of their time trying to find ways to hack technology, and they’re not likely to come after you, so are you really at risk as you go about your day-to-day activities? Well, yes and no. A hacker doesn’t need your actual fingerprint to get access to a fingerprint-protected device.
Biometric security systems grant you access based on, not the squiggly lines on your finger pads, but on what a computer interprets those squiggly lines as. Potentially, a hacker could send that digital version of your fingerprint to your device and gain remote access.
Solid biometric systems have safeguards against such a hack, and it is unlikely that a common cybervillain would go to the efforts required to get access to your device unless that are certain that a big payoff awaits.
A Young Problem with a Few Solutions
After Starbug stole the German defense minister’s fingerprint, he joked that people are going to start wearing gloves in public. Unless you’re in love with gloves as a fashion statement, they aren’t the way to go about safeguarding your sensitive information. The best thing to do is continue to use standard safe practices to protect your data, such as by using a quality security program on your devices and choosing passwords that are hard to crack.
Still, it’s wise to keep in mind the blossoming debate behind biometric security. As the technology becomes more common and more advanced, the government should implement laws to regulate the use of such technology by individuals, organizations, and the government itself.
The Scientific American article mentioned earlier says, “such legislation should limit the amount and type of data that the government can store and where they can be stored. It should restrict the collation of different types of biometric data into a single database. And it should certainly require that all biometric data be stored in the most secure manner possible.”
You don’t have to go running off to get your fingerprints erased like J did in “Men in Black,” but you should always keep abreast of the latest trends in hacking so you can take appropriate steps to protect yourself.