Researcher Karsten Zero, in a recent interview, said that if hackers stole user’s password, it can be easily replaced, but if stolen fingerprints, it opens a wide scope for committing crimes against the individual citizen throughout his entire life. Now, this statement has received yet another confirmation.
In the early summer of 2015, it became known that the unknown hackers attacked US Office of Personnel Management, OPM and stole the personal data of more than 21 million US government employees. Now the Office confessed that among the stolen information contained fingerprints of 5.6 million employees.
US intelligence investigating the incident, said earlier that they suspect in that attack hackers from China. Personnel Management of US is HR-department of the federal government. This means that hackers got the fingerprints of senior public servants.
In a special statement OPM representatives stated that the opportunities for misuse of the stolen data by hackers are currently limited. However, over time, this risk may increase since, for example, wider implementation of biometric authentication mechanism in public security services.
The victims of the leak were notified about this incident only in the end of September, although the Personnel Management service yet in summer hired a company that will deal with the protection of the financial data of civil servants.
So, how can you use someone else’s fingerprints? Security researchers from the Chaos Computer Club back in autumn 2013 have showed how easily to bypass the system of biometric identification TouchID on popular devices from Apple. After getting fingerprint, German hackers using the simple technology produced “artificial finger” and unlocked iPhone 5s, protected by TouchID.
A year later, in the winter of 2014 on the 31C3 team forum was presented a report about how to get biometric data remotely – for example via photos. This way, hackers don’t even need to get objects with your fingerprints like glasses; it is enough to get a high-resolution photo of your fingers.