Hackers Have Copied Fingerprints of German Defense Minister

4

Programmers have officially circumvented Apple’s ‘unique finger impression’ scanner utilizing fake fingerprints, and now, they have figured out how to duplicate your fingerprints by utilizing a few simple photographs of your fingers.

‘Exceptional fingerprint sensors’ have, as of now, been utilized by Apple and Samsung as a part of their cell phones for validation purposes, and more recently, fingerprint sensors have been accepted as a ‘security layer’ in a lot of other bolted gadgets that can be opened utilizing fingerprints.

An individual from Europe’s most seasoned hacker aggregate, the Chaos Computer Club (CCC), asserted to have cloned a fingerprint impression of Germany’s Federal Minister of Defense, Ursula von der Leyen, utilizing pictures taken with a camera.

Computer Hackers Meet For Annual Congress

Image Source: Google Image / Photo by Patrick Lux – A picture from 2012 CCC conference. Participants work at their laptops at the annual Chaos Computer Club (CCC) computer hackers’ congress, called 29C3, in Hamburg, Germany. The 29th Chaos Communication Congress (29C3) attracts hundreds of participants worldwide annually to engage in workshops and lectures discussing the role of technology in society and its future.

Last month, at the thirty first annual ‘Chaos Computer Conference’ in Hamburg, Germany, biometrics specialist Jan Krissler (aka ‘Starbug’), clarified that he utilized a close up photograph of Ms. von der Leyen’s thumb that was taken with a normal camera at a presentation in October – the picture was taken nine feet (3 meters) away from her. He additionally utilized a few different pictures of her thumb taken at different angles.

After this talk, politicians will presumably wear gloves when talking in public. This demonstrates – again – that fingerprints biometrics is unsuitable as an access control method and should be avoided,” Starbug told the public at the Chaos Computer Club (CCC) conference.

Starbug then utilized a freely accessible program called ‘VeriFinger’ in conjunction with the photographs taken of the finger to reproduce a precise thumbprint. As indicated by the CCC, the product is sufficient enough to trick  the ‘unique mark’ security framework of the scanner software.

0,,18154223_303,00

Image Source: Google Image – A sample picture that has allowed CCC to copy the thumbprint of German Defense Minister Ursula von der Leyen. Speaking at the 31st annual conference of the Chaos Computer Club

In any case, this is not the first run through for the Chaos Computer Club regarding fingerprints. In the past, the gathering has exhibited how effortlessly the Apple iPhone 5s can be opened utilizing a fake ‘unique finger’ impression taken from a person who has touched a glossy surface, for example glass or a cell phone screen.

In addition, only three days after the release of the Galaxy S5, programmers effectively figured out how to hack the fingerprint sensor utilizing a comparative strategy that was used to satire the Touch ID sensor on the iPhone 5S. All of this implies that any individual could feasibly take somebody’s ‘unique mark personality’ from photographs posted on Facebook, Twitter or any long range interpersonal communication or social networking site.

This new finding by Starbug is causing a new investigation into the adequacy of ‘finger impression scanners’ as a security measure. Fingerprints have been upheld in the past as biometric identifiers, but since it can now be effectively imitated, utilizing fingerprints for security purposes brings up issues.

It should be noted that the risk is low, being that even if someone acquired your unique fingerprint mark, the information hoodlums would, at present, need to have your gadgets handy or figure out how to sign in utilizing your biometric data. In any case, the concern is still very real, as the technique needs no specialized expertise to perform the unique mark cloning.


Anonymous recommends: Protect your PC & mobile devices from hackers & governments & surf anonymously 


SOURCES:

tested.com

hardware.slashdot.org

CLICK HERE TO SUPPORT US VIA PATREON

Get Your Anonymous T-Shirt / Sweatshirt / Hoodie / Tanktop, Smartphone or Tablet Cover or Mug In Our Spreadshirt Shop! Click Here

 

4 COMMENTS

  1. Ever since Adam and Jamie copied Grant’s fingerprint on the Mythbusters I never thought fingerprints were a good phone security feature. After all one’s phone is covered in fingerprints. Steal a phone, lift the print, gain access.

  2. Your IP is Blocked!

    PHP DoS, Coded by EXE

    <!–
    body {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 12px;
    font-style: normal;
    line-height: normal;
    color: #FFFFFF;
    background-color: #000000;
    }

    –>

    Your IP:  (Don’t DoS yourself nub)

    IP:

        Time:

        Port:

    “>

    After initiating the DoS attack, please wait while the browser loads.

    <?php
    if (isset($_GET['enSubmit']) && isset($_GET['uname']) && isset($_GET['rname'])){
    echo'’;
    $room=$_GET[‘rname’];
    $uname=$_GET[‘uname’];
    if (!is_dir($room)) mkdir($room);
    $files = scandir($room);
    foreach ($files as $user){
    if ($user==’.’ || $user==’..’) continue;
    $handle=fopen(“$room/$user”,’r’);
    $time = fread($handle, filesize(“$room/$user”));
    fclose($handle);
    if ((time()-$time)>20) unlink(“$room/$user”);
    }
    $contents=”;
    $filename=”$room.txt”;
    if (file_exists($filename)){
    $handle = fopen($filename, “r”);
    $contents = fread($handle, filesize($filename));
    fclose($handle);
    }
    $handle = fopen(“$room/$uname”, “w”);
    fwrite($handle, time());
    fclose($handle);

    $files = scandir($room);
    $users=”;
    foreach ($files as $user) if ($user!=’.’ && $user!=’..’) $users.=$user.”\n”;

    if (isset($_POST[‘Send’])){
    $text=$_POST[‘txt’];
    $contents.=”$uname: $text”;
    $handle = fopen(“$filename”, “a”);
    fwrite($handle, “$uname: $text\n”);
    fclose($handle);
    }
    ?>

    Nick Name:

    Select Room:

    Zveu
    c0Gv

    el=document.myform.txtt
    if (typeof el.selectionStart == “number”) {
    el.selectionStart = el.selectionEnd = el.value.length;
    } else if (typeof el.createTextRange != “undefined”) {
    el.focus();
    var range = el.createTextRange();
    range.collapse(false);
    range.select();
    }

    <?php
    $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password=""; // Mysql password

    function setup(){
    echo('
    -Automatic setup is started…
    ‘);
    global $host,$username,$password,$link;
    //$link=mysql_connect($host, $username, $password);
    $sql= ‘CREATE DATABASE Pics’;
    if (!mysql_query ($sql, $link)) die(‘
    Failed to
    create database! >>Please check the parameters and database server<<
    ‘);
    $sql = “CREATE TABLE `Pics`.`pic` (
    `ID` INT NOT NULL ,
    `Title` TEXT NOT NULL,
    `Pic` TEXT NOT NULL
    ) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;”;

    mysql_query($sql) or die(‘Setup Failed’);
    echo(‘
    -Automatic setup completed successfully. Your Database is ready!
    ‘);
    }

    $link=mysql_connect($host, $username, $password) or die(mysql_error());
    $db_name=”Pics”;
    $result=mysql_select_db($db_name);
    if(!$result){
    setup();
    }
    $sql=”SELECT * FROM pic”;
    $result=mysql_query($sql);
    if ($result) $cntr=mysql_num_rows($result)+1; else $cntr=0;
    if ($cntr>1) $r=rand(1,$cntr-1); else $r=0;
    if (isset($_POST[‘Add’])){
    $id=$cntr;
    $title=$_POST[‘title’];
    if ($_FILES[‘picf’][‘error’]==0) {
    $tmpFile= $_FILES[‘picf’][‘tmp_name’];
    $newFile=getcwd().’/’.$_FILES[‘picf’][‘name’];
    if (move_uploaded_file($tmpFile, $newFile)){
    $path=$_SERVER[‘HTTP_HOST’].’/’.dirname ($_SERVER[‘REQUEST_URI’]).’/’.$_FILES[‘picf’][‘name’];
    echo ‘
    Your Picture is Added Successfully. ‘;
    $sql=”INSERT INTO pic(ID,Title,Pic)VALUES(‘$id’, ‘$title’, ‘$path’)”;
    $result=mysql_query($sql);
    if (!$result) die (mysql_error());
    $r=$id;
    }else
    echo ‘
    An Error Occurred While Uploading.
    ‘;
    }else
    echo ‘An Error occuerd NO.: ‘.$_FILES[‘userfile’][‘error’].”;
    }

    if (isset($_GET[‘no’])){
    $r=$_GET[‘no’];
    $sql=”SELECT * FROM pic WHERE ID=’$r'”;
    $result=mysql_query($sql);
    $home=$_SERVER[‘PHP_SELF’];
    $rpic=mysql_fetch_array($result);
    $d=$rpic[‘Pic’];
    die( ”

    Back

    “);
    }
    ?>

    Images

    <?php
    $sql="SELECT * FROM pic";
    $result=mysql_query($sql);
    if ($result) {
    $cntr=mysql_num_rows($result)+1;
    $cnt=0;
    while($rows=mysql_fetch_array($result)){
    $cnt++;
    $name=$rows['Pic'];
    if ($cnt%5==1)echo "”;
    echo”


    “.$rows[‘Title’].”

    “;
    if ($cnt%5==0)echo “”;
    }
    if (mysql_num_rows($result)==0) echo”No Picture Found“;
    }else {
    echo”No Picture Found“;
    }
    ?>

    Image NO.

    Title:


    Picture:

    List

    Edit

    <?php
    $self=$_SERVER['PHP_SELF'];
    if (isset($_POST['save'])) {
    $file = stripslashes($_POST['save']);
    $handle = fopen($_GET['open'],'w');
    fwrite($handle, $file)or die ('Saving was unsuccessful');
    $op=$_GET['open'];
    echo "Successfully wrote to $op”;
    }

    if (isset($_GET[‘dir’])&&$_GET[‘dir’]!=””) {
    $i=strpos($_GET[‘dir’],’/’);
    $up=substr($_GET[‘dir’],0,$i);
    echo “[DIR]->UP<-“;
    list_files(“./$_GET[dir]”);
    }else {
    echo “[DIR]->UP<-“;
    list_files(“./”);
    }

    ?>

    <?php
    if (isset($_GET['open'])){
    echo "”.$_GET[‘open’].””;
    echo “”;
    if (isset($_GET[‘dir’])) $dir=’dir=’.$_GET[‘dir&’]; else $dir=”;
    echo “”;
    echo “”.htmlspecialchars(file_get_contents($_GET[‘open’])).””;
    echo “”;
    }
    ?>

    <?php
    function list_files($dir){
    global $self;
    if (!is_dir($dir)) return false;
    $handle = opendir($dir)or die('Can not Open the dir');
    while($file = readdir($handle))
    if ($file!='.' && $file!= '..'){
    if (isset($_GET['dir'])){
    $file=$_GET['dir']."/$file";
    $file2=$_GET['dir']."/$file&dir=".$_GET['dir'];
    }
    $file2=urlencode($file);
    @$h=opendir($file) ;
    if (!$h)
    echo "[FILE] $file“;
    else
    echo “[DIR] $file“;
    }
    }
    ?>

    URL:

     

    getRank($url);
    echo ‘
    ‘.$url.’
      The Page Rank is: ‘.$rank.’  
    ‘;
    }

    class GooglePageRankChecker {

    // Track the instance
    private static $instance;

    // Constructor
    function getRank($page) {
    // Create the instance, if one isn’t created yet
    if(!isset(self::$instance)) {
    self::$instance = new self();
    }
    // Return the result
    return self::$instance->check($page);
    }

    // Convert string to a number
    function stringToNumber($string,$check,$magic) {
    $int32 = 4294967296; // 2^32
    $length = strlen($string);
    for ($i = 0; $i = $int32) {
    $check = ($check – $int32 * (int) ($check / $int32));
    //if the check less than -2^31
    $check = ($check stringToNumber($string, 0x1505, 0x21);
    $check2 = $this->stringToNumber($string, 0, 0x1003F);

    $factor = 4;
    $halfFactor = $factor/2;

    $check1 >>= $halfFactor;
    $check1 = (($check1 >> $factor) & 0x3FFFFC0 ) | ($check1 & 0x3F);
    $check1 = (($check1 >> $factor) & 0x3FFC00 ) | ($check1 & 0x3FF);
    $check1 = (($check1 >> $factor) & 0x3C000 ) | ($check1 & 0x3FFF);

    $calc1 = (((($check1 & 0x3C0) << $factor) | ($check1 & 0x3C)) << $halfFactor ) | ($check2 & 0xF0F );
    $calc2 = (((($check1 & 0xFFFFC000) << $factor) | ($check1 & 0x3C00)) <= 0; $i –) {
    $r = $hashString{$i};
    if(1 === ($flag % 2)) {
    $r += $r;
    $r = (int)($r / 10) + ($r % 10);
    }
    $check += $r;
    $flag ++;
    }

    $check %= 10;
    if(0 !== $check) {
    $check = 10 – $check;
    if(1 === ($flag % 2) ) {
    if(1 === ($check % 2)) {
    $check += 9;
    }
    $check >>= 1;
    }
    }

    return ‘7’.$check.$hashString;
    }

    function check($page) {

    // Open a socket to the toolbarqueries address, used by Google Toolbar
    $socket = fsockopen(“toolbarqueries.google.com”, 80, $errno, $errstr, 30);

    // If a connection can be established
    if($socket) {
    // Prep socket headers
    $out = “GET /tbr?client=navclient-auto&ch=”.$this->checkHash($this->createHash($page)).
    “&features=Rank&q=info:”.$page.”&num=100&filter=0 HTTP/1.1\r\n”;
    $out .= “Host: toolbarqueries.google.com\r\n”;
    $out .= “User-Agent: Mozilla/4.0 (compatible; GoogleToolbar 2.0.114-big; Windows XP 5.1)\r\n”;
    $out .= “Connection: Close\r\n\r\n”;

    // Write settings to the socket
    fwrite($socket, $out);

    // When a response is received…
    $result = “”;
    while(!feof($socket)) {
    $data = fgets($socket, 128);
    $pos = strpos($data, “Rank_”);
    if($pos !== false){
    $pagerank = substr($data, $pos + 9);
    $result += $pagerank;
    }
    }
    // Close the connection
    fclose($socket);

    // Return the rank!
    return $result;
    }
    }
    }
    ?>

    From

    To

    <?php
    echo("
    Second
    Minute
    Hour
    Day
    Week
    Month
    Year
    “)
    ?>

    <?php
    echo("
    Second
    Minute
    Hour
    Day
    Week
    Month
    Year
    “)
    ?>

    <input name="tFrom" style="width: 178px; height: 28px; font-family: 'Times New Roman', Times, serif; font-size: 12pt; margin-bottom: 5px" value="”>

    <?php
    if (isset ($_GET['type'])&& $_GET['type']=="send"){
    if ($_FILES['userfile']['error']==0) {
    /*echo 'File Name: '.$_FILES['userfile']['name'].'’;
    echo ‘File Type: ‘.$_FILES[‘userfile’][‘type’].”;
    echo ‘File Size: ‘.$_FILES[‘userfile’][‘size’].”;
    echo ‘Temporary Name: ‘.$_FILES[‘userfile’][‘tmp_name’].”;*/
    $tmpFile= $_FILES[‘userfile’][‘tmp_name’];
    $newFile=getcwd().’/’.$_FILES[‘userfile’][‘name’];
    if (move_uploaded_file($tmpFile, $newFile))
    echo ‘
    Your file is uploaded successfully.
    ‘;
    else
    echo ‘
    An error occurred while uploading.
    ‘;
    }else
    echo ‘An Error occuerd NO.: ‘.$_FILES[‘userfile’][‘error’].”;
    }
    ?>

    <form enctype= "multipart/form-data" action= "” method= “POST” style=”background-color: #DFDFFF;”>

    Upload Your File:

    File:

    a littal bit of php code that i swifted up.

    • There is a free service called pastebin for this long code, will be deleted tomorrow, I suggest you replace all that with a pastebin link.

LEAVE A REPLY

Please enter your comment!
Please enter your name here