Hacker reveals how to extract PIN of a smartphone from any selfie

Corneal Key Logger can extract PIN of any smartphone using the owner’s selfie

If you thought biometrics was the ultimate weapon of authentication, you may be proved wrong by Starbug. German researcher Jan Krissler, aka Starbug is a hacker whose claim to fame is breaching Appleโ€™s TouchID and recreating the German defense ministerโ€™s thumbprint from a high-res image.

Starbug has revealed that he can now decode anyone’s smartphone PIN code from any selfie โ€œimageโ€. ย of the owner.

Starbug and his colleagues have extracted the reflection of smartphone screens in the eye whites of โ€œselfieโ€ subjects, then they used an ultra-high resolution image techniques to extract the userโ€™s PIN code.ย Starbug presented his discovery at the Biometrics 2015 conference in London.

His team also revealed a method to take hi-res images of iris using a high-resolution camera and recreating them using a simple laser printer. They were alsoย able to extract the reflection of phone screens in the eye whites of โ€œselfieโ€ subjects, then using ultra-high res image techniques to glean the userโ€™s PIN code.

Here is an image of the โ€œcorneal key loggerโ€

Corneal Key Logger can extract PIN of any smartphone using the owner's selfie

The team then used this technique to extract the iris data of German chancellor Angela Merkel, using a photo taken at a press conference. He said that these images could be printed onto a contact lens and this method can be used to hack any biometric enabled authentication device.

Starbugโ€™s speech also focussed on the vulnerability of fingerprint and facial technology, saying that together with iris these represented โ€œ90% of the biometrics market valueโ€. โ€œEverything is spoofable,โ€ he said.

Earlier Starbug had revealed how to make a dummy fingerprint to spoof Appleโ€™s Touch ID sensor, simply by lifting a fingerprint from a basic print scanner and then making a mould. He also revealed how to use a digital SLR camera with a 200ml lens to take fingerprints that can be replicated from a distance – the method used to extract German Defense Minister Dr Von Der Leyenโ€™s thumbprint.

According to Starbug even fingerprint sensors featuring liveness detection are at risk. โ€œI can fool every fingerprint sensor in two hoursโ€, he said, welcoming challenges from manufacturers to beat their technology. Starbug said a simple photo of the users face is often more than enough – even for most infrared devices. Here “liveness detection is very important”, he said.

Starbug also outlined a method to bypass liveness detection that demands that makes users blink, and he closed his presentation defeating aย 3D facial recognition by using a papier mache mask.

Starbug said that the current biometrics technology is weak and should improved upon. However, he said he feels that biometrics is the future of the authentication.

spot_img

Read More

Suggested Post