Hacker extracts Merkel's iris image
30 November 2015 10:55 GMT

LONDON - Starbug, a hacker who famously breached Apple’s TouchID and recreated the German defense minister’s thumbprint from a high-res image, has revealed a method whereby iris images were taken from distance with a high-resolution camera and then a simple laser printer to recreate them.

He then showed how to use this technique to extract the iris data of German chancellor Angela Merkel, using a photo taken at a press conference.

He said that these images could be printed onto a contact lens.

Even easier than taking a high-res image of a subject, however, was using iris information taken from a high-res billboard or magazine image.

Starbug’s speech also focussed on the vulnerability of fingerprint and facial technology, saying that together with iris these represented “90% of the biometrics market value”.

“Everything is spoofable,” he said.

Starbug revealed how to make a dummy fingerprint to spoof Apple’s Touch ID sensor, simply by lifting a fingerprint from a basic print scanner and then making a mould.

He also revealed how to use a digital SLR camera with a 200ml lens to take fingerprints that can be replicated from a distance - the method used to extract German Defense Minister Dr Von Der Leyen’s thumbprint.

Even fingerprint sensors featuring liveness detection are at risk, according to Starbug, who illustrated that it is also possible to wear ultra-thin dummy fingerprints that can confuse this technology.

“I can fool every fingerprint sensor in two hours”, he said, welcoming challenges from manufacturers to beat their technology.

Finally on facial recognition, Starbug said a simple photo of the users face is often more than enough - even for most infrared devices. Here "liveness detection is very important", he said.

He also outlined a method to defeat liveness detection that demands that makes users blink, and finally, he showed a technique to defeat 3D facial recognition techniques using a papier mache maske - saying that this was "not easy".

But Starbug’s message was far from anti-biometrics, admitting that he uses TouchID over other security methods.

 

Related articles

German hackers create spoof fingerprint from high-res image
02/01/15
Security researcher spoofs iPhone 6’s fingerprint scanner
24/09/14
Apple and Samsung must address spoofed fingerprints, says Senator
21/07/14