Fingerprint hacked by a Photo

Services for Real Estate Pros with Inc

You can’t change your fingerprint like you can change your password. But why would you want to change your fingerprint? The thought might cross your mind if your fingerprint gets stolen.

How the heck can this happen? Ask Starbug. He’s a hacker who demonstrated just how this could happen at an annual meeting of hackers called the Chaos Communication Congress, says an article at His “victim” was defense minister Ursula von der Leyen.

Starbug (real name Jan Krissler) used VeriFinger, a commercial software, with several photos of von der Leyen’s hands taken at close range. One of the photos he took, and the other was from a publication.

And this gets more fun, total and complete James Bond stuff: The conference showed that “corneal keylogging” can happen. Reflections in the user’s eyes occur as they type. Photos of these reflections can be analyzed to figure out what they typed. This is another lovely gateway to getting passwords.

But back to the fingerprint thing. In 2013, says The Guardian article, Starbug took a fingertip smudge from a smartphone, and using a few clever techniques, printed an imposter finger. He used the fake thumb to get into the phone. This shows it’s possible to crack into a mobile device with a stolen fingerprint—obtained without even having to be near the victim.

Biometrics is a groundbreaking advance in security, and it was just a matter of time before hackers would figure a way to weaken it. All is not lost. Hacks like this aren’t easy to accomplish and there’s always multi factor authentication available as another layer of protection. 

Biometrics can certainly be a replacement for passwords, but again should include, a second-factor authentication. Passwords are secrets, stored inside people’s heads (ideally, rather than written on hardcopy that someone could get ahold of), but biometric features, such as fingerprints, photos and voice IDs, are out there for all to perceive. Though it’s hard to imagine how a hacker could figure out a way to fool voice recognition software, don’t count this out.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention.


This entry hasn't been re-blogged:

Re-Blogged By Re-Blogged At
ActiveRain Community

Post a Comment
Spam prevention
Spam prevention
Show All Comments
John McCormack, CRS
Albuquerque Homes Realty - Albuquerque, NM
Honesty, Integrity, Results, Experienced. HIRE Me!

Good morning Robert Siciliano .  Thanks for sharing this very interesting and just as scary identity theft information with us.  Seems like if science fiction has become reality.

Jan 19, 2015 09:33 PM #1
Tom Arstingstall, General Contractor, Dry Rot, Water Damage Sacramento, El Dorado County - (916) 765-5366
Dry Rot and Water Damage Mobile - 916-765-5366 - Placerville, CA
General Contractor, Dry Rot and Water Damage

Robert Siciliano - This is some scary stuff, the ability to gather information with technology is amazing today.

Jan 19, 2015 09:38 PM #2
Sandy Padula and Norm Padula, JD, GRI
HomeSmart Realty West & Lend Smart Mortgage, Llc. - Carlsbad, CA
Presence, Persistence & Perseverance

Robert Siciliano It is abundantly clear upon reading your blog post that nothing is secure. The only fix is to disconnect from all electronic technology.

Jan 19, 2015 10:45 PM #3
Kathy Streib
Room Service Home Staging - Delray Beach, FL
Home Stager - Palm Beach County,FL -561-914-6224

Robert- I guess it was just a matter of time.  It makesme think of Mission Impossible with Tom Cruise. 

Jan 19, 2015 11:24 PM #4
Kathy Streib
Room Service Home Staging - Delray Beach, FL
Home Stager - Palm Beach County,FL -561-914-6224

What I learned

Jan 24, 2015 09:56 AM #5
Debbie Gartner
The Flooring Girl - White Plains, NY
The Flooring Girl & Blog Stylist -Dynamo Marketers

Wow, this is pretty scary.  I guess as security gets more "secure," there are more creative ways to hack.

Jan 24, 2015 08:42 PM #6
Gita Bantwal
RE/MAX Centre Realtors - Warwick, PA
REALTOR,ABR,CRS,SRES,GRI - Bucks County & Philadel

Thank you for the information. It is really scary to think people can do this.

Jan 24, 2015 09:49 PM #7
Dorie Dillard CRS GRI ABR
Coldwell Banker United Realtors® ~ 512.750.6899 - Austin, TX
Serving Buyers & Sellers in NW Austin Real Estate

Good morning Robert,

I came over from Kathy's post this morning as she selected your post for one of her "Ah-ha" moments for the week. Great choice..the ability to gather information with technology is amazing today. It's pretty frightening!!

Jan 24, 2015 10:40 PM #8
Cara Marcelle Mancuso
Long Realty - Dove Mountain, Marana AZ - Tucson, AZ
Call a Marana neighbor, I'm THERE! LONG REALTY

Wow, who knew? Glad Kathy sent me over. Thank you for your post.

Jan 24, 2015 11:14 PM #9
Kristin Johnston - REALTOR®
RE/MAX Realty Center - Waukesha, WI
Giving Back With Each Home Sold!

Great post!  Thanks to Kathy too for reposting it since I missed it earlier this week!

Jan 24, 2015 11:39 PM #10
Sharon Tara
Sharon Tara Transformations - Portsmouth, NH
New Hampshire Home Stager

All this is making me want to watch a James Bond movie this afternoon!  Great stuff....not so great if you are the victim though!

Jan 25, 2015 03:27 AM #11
Jason Potrzeba
Webster Bank - Providence, RI
Mortgage Banking Officer

There is a bit of irony there with a cell phone being fingerprint protected while at the same time it is essentially covered with the owners fingerprints just waiting for the 007 wannabe to lift it and use it...

Jan 25, 2015 06:33 AM #12
Nicole Doty - Gilbert Real Estate Expert
Zion Realty - Gilbert, AZ
Broker/Owner of Zion Realty

Very frightening stuff going on in the world. It's pretty hard to feel confident that any part of our lives can be private or safe. 

Jan 25, 2015 07:55 AM #13
Cindy Edwards
RE/MAX Checkmate - Johnson City, TN
CRS, GRI, PMN - Northeast Tennessee - 423-677-6677

Crazy, crazy and crazy.  That's all that comes to mind.

Jan 25, 2015 08:01 AM #14
Silvia Dukes PA, Broker Associate, CRS, CIPS, SRES
Tropic Shores Realty - Ich spreche Deutsch! - Spring Hill, FL
Florida Waterfront and Country Club Living

Robert, I think if someone get think of a new way of protection, someone else will figure out a way to break it.  It's just a matter of time and degree of difficulty. 

Jan 25, 2015 08:18 AM #15
Claude Labbe
Real Living | At Home - Washington, DC
Realty for Your Busy Life

Soon I'll have to think that crazy long passwords ends up being safer than I thought? Surely not.

Jan 25, 2015 11:39 AM #16
Praful Thakkar
LAER Realty Partners - Andover, MA
Andover, MA: Andover Luxury Homes For Sale

Robert Siciliano - now this is a real scary stuff!

Are we safe from these hackers anyways?

Jan 25, 2015 12:58 PM #17
Kat Palmiotti
406-270-3667,, Broker, Blackstone Realty Group - brokered by eXp Realty - Kalispell, MT
The House Kat

Wow this is crazy; getting our passwords by analyzing reflections in our eyes? So soon we'll be typing with sunglasses?

Jan 25, 2015 07:25 PM #18
Michael Mahoney
Century 21 American Properties - Walpole, MA
Boston Realtor

Robert Siciliano crazy scary

Feb 06, 2015 06:07 AM #19
Post a Comment
Spam prevention
Show All Comments

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?


Robert Siciliano

Realty Security and Identity Theft Expert Speaker
Ping me to book a program for your group
Spam prevention