Hacker fakes German minister's fingerprints using photos of her hands (2014)

This has been taken to be fact for about a decade.<p>Has anyone ever replicated this? CCC presenters have a tendency to, exaggerate, a little.<p>The only presentation given on this topic, at CCC, demonstrated an attack against fingerprint readers where a fingerprint was reconstructed from imagery, cast into a physical fake finger, and then authenticated against itself. Not that a fingerprint was reconstructed from imagery and authenticated against a scan of the actual finger.<p>I can totally botch a reconstruction of a fingerprint based on some blurry imagery such that it looks like the number six side of a die, load the reconstruction into a fingerprint reader, and then authenticate against a gelatin finger with an imprint of six pips on it but I cannot say that I have reconstructed THE fingerprint.

I&#x27;m waiting for someone to start selling fake fingers and eyeballs that I can put on my keychain. I&#x27;ll get one for each ignorant device, site, or service that requires biometrics. That way even though I can&#x27;t reset my fingerprints or iris, I can easily throw away the compromised fake part and register the print&#x2F;iris of a new one.<p>Then I&#x27;ll just need a set of masks for facial recognition... maybe a couple gloves with palm prints. Man, passwords are looking more manageable all the time.

Makes me think of Steve Gibsons Security Now episode on the 4 factors of security:<p>1: Something you know (Password)<p>2: Something you have (OTP)<p>3: Something you are (Bio)<p>4: Someone you know (3rd Party)<p>In 2024, the last 2 seem a bit more challenging. With AI voice and biometric data being able to be lifted from internet media, there&#x27;s some more to think about when designing these systems. These are fun challenges to think about. I&#x27;m glad Steve decided to break the 1000 podcast limit, I highly recommend checking it currently along with the archive.

Fingerprint is so insecure. So exposing your credentials unencrypted (except for winter) all the time? I mean you wouldn&#x27;t even store your private keys unencrypted in the ssh dir... so don&#x27;t get me started on FaceID!<p>What an easy attack vector. A finger is probably the easiest body part to snatch.<p>(Which i was actually scared of, in case i ever accidentally got top secret files on my drive and some three letter gang was after me).

Interesting but... this applies to well known people. As an average joe, I&#x27;m more concerned about petty theft than about being targeted by super smart criminals.<p>As a matter of fact, my wallet was literally stolen 2 months ago, including bank cards. Interestingly, the thief didn&#x27;t even try to use the bank cards at all (I blocked them right away, but always get a notification on my smartphone when a transaction is made or attempted to be made). The thief just cared about the cash...

TIL “sprayable graphene” is a thing. Wonder if it’s a superconductor in spray form.

Yu