Fingerprint clone - Online Cyber Security News

MasterCard launches Credit Card with Built-In Fingerprint Scanner

Thursday, April 20, 2017 Mohit Kumar

MasterCard has unveiled its brand new payment card that has a built-in biometric fingerprint scanner, allowing customers to authorize payments with their fingerprint, without requiring a PIN code or a signature.

The company is already testing the new biometric payment cards, combined with the on-board chips, in South Africa and says it hopes to roll out the new cards to the rest of the world by the end of 2017.

Don't Worry, It Still Supports PIN-based Transactions as Fallback

Wait — If you think that this feature would not allow you to share your card with your child and spouse, don’t worry — Mastercard has a solution for this issue as well.

The company has confirmed that even if the card is configured to expect the fingerprint for authenticating a purchase, but it does still have a PIN as a fallback, in case, for some reason EMV readers fail to read fingerprint or you have yourself handed it to your child for shopping.

Stores & Retailers Don't Need New Hardware

According to Mastercard, the new biometric payment card will not require store owners and businesses to buy any new hardware, like fingerprint scanners, because the sensor in the card reads your fingerprint.

Since both the data and the scanner exist on the same card, the new payment cards work with existing EMV card terminal infrastructure — the standard chip/swipe readers you can find at many stores these days, though old magnetic stripe-only terminals won't be compatible.

But, Banks Need to Adopt New Technology

Before this new cards can be adopted worldwide, your banks or financial institution will have to get on board with the new tech.

If you want the new biometric card, you are currently required to go to your bank branch in order to have your fingers scanned and registered for the new tech. Your fingerprints will then be converted into an encrypted digital template that is stored on the card's EMV chip.

You can save up to two fingerprints, but both would have to be yours — you can not authorise someone else, even from your family, to use your card with their fingers.

How MasterCard Biometric Payment Card Works

Once your templates are saved, your card is ready to be used at compatible terminals across the world.

Merchants don't have to purchase new equipment to accept your fingerprint-enabled payment card but will have to update their machinery in an effort to use the new tech.

Now, while shopping at any store, just place your biometric payment card into a retailer's EMV terminal and then put your finger on the embedded sensor to pay. Your fingerprints will be verified against a template stored on your card to approve your transaction.

Can Fingerprints be Forged? And Other Concerns...

This new card is made in an attempt to make face-to-face payments more convenient and more secure, but this type of biometric verification is useless when it comes to online shopping, and so, does not provide any security over credit card frauds.

"Whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security," MasterCard security chief Ajay Bhalla said. "[A fingerprint is] not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected."

But that isn't true.

Fingerprints can be faked, unfortunately, and we have seen previous research in which high-resolution images were used to make fake fingerprints for malicious purpose. So, criminals could put a fake fingerprint on top of their finger to shop from stolen cards.

In addition to biometric cards, MasterCard is also planning to bring contactless payments, which should function similar to mobile payments like Apple Pay where users authenticate themselves via fingerprint while holding their smartphones against the terminal.

Police Unlock Dead Man's Phone by 3D-Printing his Fingerprint

Thursday, July 21, 2016 Swati Khandelwal

Now no more fight with Apple or any smartphone maker, as federal authorities have discovered a new tool for unlocking phones, as far as your phone is using any biometric sensor…

3D Printing!

Yes, Police in Michigan is considering 3D printing a dead man’s fingers so they could unlock smartphones in investigation crimes using their biometric sensors.

A new report published today from Flash Forward creator Rose Eveleth revealed that the police recently approached professors at the University of Michigan to reproduce a dead man’s fingerprint from a prerecorded scan.

Once reproduced, the 3D print would be used to create a false fingerprint of the dead man, which could then be used to unlock his smartphone using its biometric sensors.

The man was a murder victim, and law enforcement investigators believed that his phone might contain some useful information relevant to the case.

Why Police Can't 3D-Print Themselves? Because...

Since smartphone biometric sensors used to detect someone’s fingerprints today rely on electrical currents that most 3D-printed objects can not conduct, such technique would not normally work and help investigators get into the victim’s phone.

This, in turn, made the police approach professor Anil Jain, who told Fusion that he "coated the 3D printed fingers in a thin layer of metallic particles" so that they could conduct electricity and "the fingerprint scanner can read them," helping the police catch the murderer.

Sounds great... Right?

But that will not always be the case.

When thinking about its implications and consequences in future, this technique could make everyone vulnerable who uses biometric security to protect the privacy of their smartphones.

Since fingerprints are the unique and all time the constant identity of a person, there is a risk of having someone steal a fingerprint using a high-resolution photo and recreating it that way.

Since the investigation is ongoing, much details about the technique are not available.

The best solution, for now, is to disable any biometric sensor enabled on your smartphone, just in case you don't want the police or anyone else to 3D print a replica of your fingers and unlock it with ease. Rather set a secure password to lock your device.

Remember: You can change your passwords if it is stolen, but you cannot change your fingerprints.

Hacker Clones German Defense Minister's Fingerprint Using Just her Photos

Monday, December 29, 2014 Swati Khandelwal

Hackers have already bypassed Apple's fingerprint scanner using fake fingerprints, and now they have found a way to reproduce your fingerprints by using just a couple of photos of your fingers.

Special Fingerprint sensors have already been used by Apple and Samsung in their smartphones for authentication purposes and in near future fingerprints sensors are believed to be the part of plenty of other locked devices that can be unlocked using fingerprints, just to add an extra layer of authentication. But, How secure are your fingerprints?

A member of Europe's oldest hacker collective, the Chaos Computer Club (CCC), claimed to have cloned a fingerprint of a Germany's federal minister of defense, Ursula von der Leyen, using pictures taken with a "standard photo camera" at a news conference.

At the 31st annual Chaos Computer Conference in Hamburg Germany this weekend, biometrics researcher Starbug, whose real name is Jan Krissler, explained that he used a close-up photo of Ms von der Leyen's thumb that was taken with a "standard photo camera" at a presentation in October -- standing nine feet (3 meters) away from the official. He also used several other pictures of her thumb taken at different angles.

Starbug then used a publicly available software program called VeriFinger with photos of the finger taken from different angles to recreate an accurate thumbprint. According to CCC, this software is good enough to fool fingerprint security systems.

"After this talk, politicians will presumably wear gloves when talking in public," Starbug told the audience at the Chaos Computer Conference (CCC) conference.

However, this is not the very first time when Chao Computer Club has targeted fingerprints. In past, the group has demonstrated how easily the Apple iPhone 5s can be unlocked using a fake fingerprint obtained from an individual who has touched a shiny surface, such as glass or a smartphone screen.

"This demonstrates—again—that fingerprint biometrics is unsuitable as [an] access control method and should be avoided," the group said at the time.

Moreover, just three days after the launch of the Galaxy S5, hackers successfully managed to hack Galaxy S5 Fingerprint sensor using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S.

But this recent hack did not require any object 'carrying the fingerprints anymore,' which means that any person could potentially steal someone's fingerprint identity from photos posed on Facebook, Twitter or any social networking site.

This new finding by Starbug potentially calls into question the effectiveness of fingerprint scanners as a security measure. Fingerprints have been supported in the past as biometric identifiers, but because it can be easily reproduced, using fingerprints for security purposes raises questions.

The practical danger is low, because even after obtaining your fingerprint, the data thieves would still need to have your devices or otherwise find a way to sign in using your biometric information. But, the concern is more as the method require no technical skill to perform the fingerprint cloning.