Kraken Security Says Fingerprint Hacking Is Affordable And Easy

Not so safe: There are several forms of data protection that are more secure than fingerprint authentication … Right? You probably think so – after all, this is what companies and security professionals have told us over the years. However, as it turns out, faking fingerprints can be much easier than you might imagine in robbery movies. According to Kraken Security Labs, all you need is some wood glue, a laser printer, and an acetate sheet.

Cryptocurrency trading company published a report a few days ago on his official blog, he described how you can “hack”. The items you need to do this are affordable and the steps are simple enough for just about anyone to do, provided they have the motivation to do so, which is a rather daunting thought.

So how does it work? First things first, a potential hacker needs your fingerprint – or, to be more precise, Photo your fingerprint. They don’t really need physical access to everything you’ve touched, just an image of, say, a smudge on a laptop screen or a reflective desktop keyboard. Kraken also cites examples such as tables at the local library or the gym.

Either way, once the photo is sharp enough, you’ll need to create a negative in Photoshop – Kraken says his team was able to create a “decent” shot in about an hour.

Kraken then printed the negative image on an “acetate sheet” using a standard laser printer. According to the company, the toner mimics the three-dimensional structure of a real fingerprint. The next and final step is to get some wood glue from your local hardware store, dab some on your fake fingerprint, and let it dry. You can pull it off later, and here it is: a working copy of your fingerprint (hopefully not).

Obviously, we are not advising anyone to go out and do this, but according to Kraken, he was able to carry out this “well-known attack” on “most” of the devices available to his team members. As the company notes, if this were a real attack and not a controlled experiment, the consequences for the victim could be devastating.

With that said, it’s not all gloom and doom. Fingerprint authentication should be just one layer of a perfectly multi-faceted approach to data and account security. You also need to have a strong password and two-factor authentication (not via SMS) – the latter will prevent the problem of fingerprint hacking.

Good, most time. Unfortunately, some apps allow users to bypass 2FA with fingerprint login, so in such cases it would be safer to completely disable the latter and rely only on 2FA and a strong password.

Source link

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button