The European group that first demonstrated a hack of Apple’s Touch ID using a fake fingerprint says it has discovered a way of recreating a fingerprint without a physical sample. The Chaos Computer Club’s Jan Krissler, better known as Starbug, demonstrated the technique at the Club’s recent 31st convention in Hamburg, using German Defense Minister Ursula von der Leyen as an example. Through commercial software called VeriFinger, Krissler says he was able to piece together Von der Leyen’s thumbprint based on publicly-available photos of her digits.
The average person is unlikely to be affected. The main source image was a close-up of Von der Leyen’s thumb from an October press conference, and most people appear in far fewer photos, especially ones with visible fingerprints. The original Touch ID hack also requires several hours at least, and initially took 30 hours to accomplish.
It still applies to modern iOS devices however, and could theoretically be used to target anyone in the public eye as long as enough photos of their hands exist. Apple — and other companies such as Samsung — have marketed fingerprints as inherently more secure than passwords or PINs, but the CCC data suggests that vulnerabilities do exist.