How hackers can use your fingerprints to frame you

Privacy newsTips & tricks
2 mins
An eye with a fingerprint.

This post was originally published on June 17, 2015.

It’s the one thing that was supposed to be truly personal to you. As unique as the special snowflake that, deep down, you believe yourself to be.

But now, thanks to infamous hacking group Chaos Computer Club (CCC), this last shred of privacy has finally been ripped away. Yep—your fingerprint is now fully and remotely hackable.

That means criminals could impersonate you and frame you for crimes they commit. Murderers, robbers, donut thieves… any of them could leave a trail that leads back to you. So when the cops dust for prints, it’s you they’ll come looking for. If all this sounds far-fetched, read on.

The First Victim

The world’s first thumbprint-hacking victim was somebody who holds a considerable amount of power in her hands: the German Defense Minister, Ursula von der Leyen. Who knows what Big Red Button this politician’s cloned thumbprint could trigger? Yikes!

Hopefully the German government has replaced any fingerprint ID tech she uses. Because her prints are now owned by hackers.

The question you’re probably asking is: how did they do it? What kind of high-tech device-from-the-future could possibly hack and clone a thumbprint? Prepare to be surprised.

Ordinary Camera

It was an ordinary political news conference, like thousands before it. Ursula von der Leyen spoke calmly to the press, completely unaware of anything strange going on around her.

What she didn’t know was that CCC hacker Starbug (real name Jan Krissler) was in the room. And he was carrying with him… an ordinary camera. Just like any journalist at a news conference.

But that ordinary camera was all Starbug needed to get Ms von der Leyen’s thumbprint. He didn’t even have to touch his victim’s hand. A few zoomed-in photos from different angles were all the hacker needed.

Once he had the photos, the cloning process was also a lot simpler than you’d expect. Starbug did it with a program called Verifinger, which is available to buy online.

So not only can your fingerprints be hacked—anyone can get the equipment to do it, too.

Gloves For Everyone?

That touch ID on your new iPhone or Samsung smartphone is looking a little pointless now, huh? (Especially since CCC already hacked Apple’s fingerprint sensor back in 2013.)

But it’s even worse than that. From a good set of photos, a hacker can easily create a mold and a dummy print with your identity on it. The criminal can even stick the dummy print on their own finger. It’s all detailed in a method published by CCC, which uses everyday wood glue to make the dummy print.

So they could commit all kinds of heinous crimes, dab your prints around the room, and get away with it. Meanwhile, you could be looking at a life term… or less if the crime is actually donut theft.

It’s a scary thought. Remote fingerprint cloning is yet another killer blow to our personal privacy. But maybe there is one way you can safeguard your identity when faced with fingerprint hackers.

“Politicians will presumably wear gloves when talking in public” in future, suggests Starbug.

Uh, thanks for the tip, bro.

Read more: Biometric data collection around the world

Johnny 5 is the founding editor of the blog and writes about pressing technology issues. From important cat privacy stories to governments and corporations that overstep their boundaries, Johnny covers it all.