Hackers publish thousands of copies of fingerprint of German Minister who promotes fingerprint biometrics

Hackers from the Chaos Computer Club lifted a fingerprint from German Interior Minister Wolfgang Schauble, printed it on plastic, and distributed it by the thousands with their magazine for anyone who wants to impersonate the Minister at a biometric checkpoint. Remember folks: short of amputation, a biometric identifier can't be revoked or changed.

Schauble is a big proponent of the use of fingerprints in passports but is not the CCC's only target. The group has called for help in obtaining the prints of other German officials, including Chancellor Angela Merkel.
The CCC's publication of the fingerprint coincides this week with the presentation of a security researcher who demonstrated a biometric keylogger that can capture digital fingerprints and other digital biometric data as its transmitted from a scanning device to the server where the information is processed. The hacker can then analyze and re-use the data to subvert biometric systems and gain entry to secured buildings.

Link

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: Civlib • Happy Mutants

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

Jeff

Belac, any system as rigid as the one you discribe seems so illogical from the start that we can be fairly sure this won’t be the case. Our technology will improve and will reflect our culture. If our culture continues to support sub-cultures such as Facebook and Myspace, then the idea of privacy might be in for some radical transformations. After all, people by the millions are divulging personal information that would have been considered absolutely private not too long ago. A culture where you live in the “open” may seem horrible in some ways, but then, the people that govern will be expected to live in the open also.
Belac

That doesn’t change the fact that fingerprints and biometrics are useless as secure identification devices.
Skep

Absolutely great, and on target, prank. Perhaps Schauble will have a change of heart? More likely, he’ll just push for ineffective laws making distributing copies of fingerprints a crime.

..In the meantime he also has to worry that not only can a fingerprint be used to access scanners, a finger print impression can be left at crime scenes…

One of the problems with biometrics is that people put too much stock in them. DNA, for instance. We shed DNA all the time, so it is actually just as easy, perhaps easier, to plant DNA evidence. In court, however, people are awed by the DNA identification, and gloss over the details of whether that actually proves the suspect was involved. DNA is a tool, like fingerprints, and it must be considered in careful context.
Sam

thats not very…nice.
edd17

He wants ours, now we have his. Seems like a fair exhange.
Teapunk

Give the man what he deserves – in this case, give him his Umlaut back. It’s SchÃ¤uble, not Schauble. Also known as “Stasi 2.0″.
Strangely enough he threatened to sue the CCC but this news seems to have disappeared over the weekend and now he apparently takes it with good humour. Which is weird, because he doesn’t have any.
Jexy

Yep, spot on. Can we invent a word like “Schaubled” to describe an overzealous lawmaker who gets hoisted by his/her own petard?

Example:

Joe: Did you see Chertoff copped a cavity search at JFK?
Jack: Yeah, he got totally Shaubled.
Ingmar

SchÃ¤uble (yes, there’s a pesky umlaut in there) predictably downplayed the whole thing, saying it does not change his opinion. Still, a cool real-life hack.
clockwork

with every passing day and every passing boing boing post i am inclined to believe we live in some kind of bizarre, dystopic, science fiction novel…

high-tech government surveillance, the earth potentially slipping into other dimensions, radical apocalyptic cults running governments (see america, iran), food being used for fuel while millions starve, corporations wielding more power than nation states, the earths crust being turned inside out, mass extinction of plant and animal species, continents of garbage in the pacific, radical body modification, orgies of youth in public places, jihad in america/uk/spain

are all those wack conspiracy books about secret lizard people running the world via the british monarchy/free masonry/chinese banks true too?

where the hell is my soma,,,
Jeff

Clockwork, in what seems like prescience, Robert A. Heinlein called this time period The Crazy Years. Some of those predictions/speculations seem right. Of course, other aspects of his future history are way off mark. Anyway, I just expect that personal identity will become an even more abstract concept as we learn to scan our brains and use them as backups.
abb3w

Jeff: Hopefully we’ll still have an election in 2016.
owza

They can get my fingerprints “from my cold, dead hands” oh hang on they can!
Bazilisk

I understand a lot of arguments for civil liberties sort of intuitively, but I can’t quite wrap my head around this one. On a practical rather than just aesthetic (OMG DYSTOPIA!!) level, why is the use of fingerprints as keys wrong? This really seems like something that is useful as an actual security tool instead of a creepy way to control everyone…unlike most other ideas “to increase security,” this sounds legit.
technogeek

Traditional suggestion to reject hardcopy replicas of fingerprints (or amputated fingers): run a few additional tests, such as checking for a pulse behind the fingerprint. It’s still defeatable, but it raises the bar significantly.

There are multiple axes of security — what you know (passwords), who you are (biometrics), what you possess (physical tokens such as keys), and so on. The ideal system would combine all of these, be highly resistant to forgery or bypassing or theft, yet be unobtrusive. That’s a tall order, and security professionals in both the physical and data worlds have been working on it for centuries. Since it’s an engineering question, it’s unavoidably going to be something of an ongoing arms race.

I should point out that one can “change fingertips “– by changing which finger is used to unlock a specific system, and having the others recorded as “abuse, call security guard to make this character explain himself”… Much like the use of “duress” combinations on some safes, which set off a silent alarm. A good system could index which fingertip is appropriate based on calendar or time or some similar criterion, combining the biometric aspect with a knowledge test.
Belac

Basilizk,
Imagine if your bank PIN and debit card # could never be changed. If it was compromised, for the rest of your life anyone who wanted to could withdraw money from your account, and could not be stopped by any means at all.

That’s what fingerprint identification would do. The great thing about passwords is they can be changed if compromised. Biometrics can’t.

This is more about practical security than civil liberties–biometric-based security will be impossible to fix once compromised, and is thus utterly useless.