Don’t Wave: Hacker Uses Online Photos to Replicate Fingerprints, Bypass Biometric Security

by | Dec 30, 2014 | Headline News | 84 comments

Do you LOVE America?



    If you think the biometric security on your phone or front door are enough to keep your personal information or belongings safe, think again.

    German hacker Jan Krissler, who operates under the handle Starbug, has demonstrated that a simple photograph posted online can be used to recreate your fingerprint using commonly available imaging software.

    One expert has recreated the fingerprints of Germany’s Minister of Defence, Ursula von der Leyen, using just a photo of her.

    The security researcher known as Starbug, used publicly available software called VeriFinger with photos of the finger taken from different angles.

    Starbug, whose real name is Jan Krissler, told attendees of the Chaos Computer Club’s (CCC) 31st annual congress in Hamburg, Germany, how he achieved the hack.

    Mr Krissler obtained a high-resolution photograph of the politician’s thumb using a ‘standard photo camera’ during a press conference.

    He also used other ‘good quality’ photos of the politician, taken from a variety of angles.

    From these images, he reconstructed an accurate thumbprint using the VeriFinger software.

    This software is good enough, according to CCC, to fool fingerprint security systems.

    ‘These fingerprints could be used for biometric authentication,’ it wrote in a blog post.

    Source: The Daily Mail

    In this particular demonstration Krissler used several photos and ran them through a software application called Verifinger to recreate the minister’s fingerprint.

    In the future, as biometric fingerprint technologies become more prevalent, such a hack could be even easier than stealing someone’s wallet. A simple wave of your hand to someone taking a picture and then posting it online could now become a major security threat and could be a boon to identity thieves. All that an unscrupulous individual would need is a picture of your fingerprint. With high resolution cameras now embedded on most smart phone devices photographs of a particular target could be downloaded directly from a social media page or an image sharing web site. Or, someone can simply snap a photo of your hand from a few feet away as you pass them on the street.

    In a recent blog post, Starbug says that once replicated the copycat print can easily defeat biometric authentication:

    The questionable validity of security claims by the vendors of fingerprint systems will be even more disputed after this presentation.

    But how can you defeat such a simple method for stealing your identity?

    Starbug provides a tried and true solution. “After this talk, politicians will presumably wear gloves when talking in public.”


    It Took 22 Years to Get to This Point

    Gold has been the right asset with which to save your funds in this millennium that began 23 years ago.

    Free Exclusive Report
    The inevitable Breakout – The two w’s

      Related Articles


      Join the conversation!

      It’s 100% free and your personal information will never be sold or shared online.


      1. It doesn’t matter what anyone does to make something secure, someone else will always find a way around it.

        • Yea, so don’t take pictures of your fingers from 2 inches away. Sorry, they aren’t getting your fingerprints from a photo of you waving at 20 feet.

          • With a 41MP camera on the Nokia Lumia, you think that’s not possible?

        • Mac blocked/moderated out my answer to a question DK often asks.

          Q: Who was that Masked Man?

          Hey Slavo… Why do I get a creeping suspicion that you and the Kidd are one and the same?

          BTW: Your comment rating system powered by Widget has a serious flaw. I suggest you take a look at it.

          OOPs… You have finally figured that out.

          • Hey Mac, Ill be back… with a different IP.

            Count on it!

          • This is why “fist bumps” were invented. 🙂

            • And the durango kidd regularly indulges in the “peter bump.”

              • I knew someone would come up with a term for when a synchronous dp event goes awry.

          • OOPs… I guess not!

        • Politicians should wear a full-boy condom just to prevent infecting the rest of the population.

        • Politicians should wear a full-boy condom just to prevent infecting the rest of the population.

      2. This technology combined with a 3d printer and you got yourself a hall pass .
        Scary stuff.

        • Few things are more irritating than when someone who is wrong is also very effective in making his point.

          Mark Twain
          Samuel Clemens (1835 – 1910) author & humorist

          Same shit, new day…

          • He was a wise man, soooo ahead of his time….

        • I read this article earlier today off of Freedom Phoenix. Lots of article swapping going on.

      3. TPTB are working overtime to get us ready to be chipped.

        • Yup, this is just another step in that direction, isn’t it? Of course, it would probably be easier to hack an RFID chip than re-create fingerprints, but TPTB will never let on to that secret.

          • Maybe they can get my knuckle print from their eye.

            • Second that motion!!!!!

          • I really find it hard to believe some of the stories that come out these days. Who would bother to go to the trouble to recreate a set of prints in the hopes that the victim had some sort of biometric security device to bypass. This sounds like kind of a stretch.
            It seems that I run across a lot of people who are or act boderline retarded. Where are all these geniuses? My step son is one of those vidiots who thinks he is a hacker and he couldn’t figure out how to check the oil in his car. I finally had to walk over and show him. Didn’t know that you had to or actually COULD add air to his fuckin tires and I am to believe someone can make prints from a photo? Nah!

            • Yes, but he could probably take out a mortgage in your name if he wanted to. I can tear down the engine in my motocross bike and rebuild it in a few hours (2-stroke) but could hack into anything, and I build my own computers. Just never wanted to acquire that particular skill set. Gave thumbs up anyway.

              • Oops meant “couldn’t hack into anything.”

                • Hacking is a mindset. It reads like this:

                  I don’t care if anyone says thats impossible, if I think it can be done, I’m going to try and make it work.

                  Simply: Hackers make stuff work that society and industry say can’t be done. Been doing it all of my life. Took me 4 hours one night to recable my previous companies NOC so that they could run compilers for 3 different OS version at once without the NFS links dying off. All it took was a couple extra ethernet cards and a good knowledge of routing. 3 different CompSci guys (two with master degrees and one with a PhD) had been trying for 6 months to get it done. I did it in 4 hours and I’ve “only” got an associates degree. Go figure… Hacking is about thinking and the faster you think the better you hack.

                  Electrical Systems…
                  Guns & Ammo…

                  I’ve seen hacks in all those areas. Done some of my own in several of them.

                  Hacking is not breaking in and stealing data or wrecking a website or recreating fingerprints so you can steal someone’s furniture. Thats called “criminal activity”. Of course it involves hacking, maybe. Or, maybe not.

                  Hacking is good. Using the fruits of your hacking for criminal activity is just criminal activity and is bad.

        • Chipped? Ha! Talk about easy to duplicate. I would now consider THAT an enhancement in security AT ALL!

          No, you can’t get my fingerprints by me waving at 20ft, but, sure as the sun comes up, I can scan your chip from 20ft away. Actually farther than that with the right equipment/antenna.

          None of this stuff was ever designed to help you do anything. Its all designed to track, enslave, monitor, surveil you and, in the process, make you *FEEL* safe.

      4. Well that’s just plain scary.

        • the mafioso just cut off a finger and use it directly.

      5. OFF TOPIC

        New Years Menu Jan 1st. 2015

        Black Eyed Peas (For Luck)
        Collard Greens (For the color of money I hope to make in 2015)
        Corn Bread with Pepper Jelly (For the sweetness of a good home/family)
        Bourbon Whiskey to warm my heart
        A Thankful Prayer for all God gave me in 2014.

        More Cope were gunned down this past year than any other time, that should make the Libertarian loons on this site happy-happy, (you sick bastards know who you are) and the rest of us sad.


        • Cops not Cope, crap!

          • Since you mentioned “cops”, here is a little update on the NYPD.

            Since the two cops were killed and the NYPD has a rift with the Mayor and other city officials, the citations and arrests have dropped dramatically, nearly 95% for the same time period as last year, for some crimes.

            Angry union leaders have ordered drastic measures for their members since the Dec. 20 assassination of two NYPD cops in a patrol car, including that two units respond to every call.

            It has helped contribute to a nose dive in low-level policing, with overall arrests down 66 percent for the week starting Dec. 22 compared with the same period in 2013, stats show.

            Citations for traffic violations fell by 94 percent, from 10,069 to 587, during that time frame.

            Summonses for low-level offenses like public drinking and urination also plunged 94 percent — from 4,831 to 300.

            Even parking violations are way down, dropping by 92 percent, from 14,699 to 1,241.

            Drug arrests by cops assigned to the NYPD’s Organized Crime Control Bureau — which are part of the overall number — dropped by 84 percent, from 382 to 63.

            Just a few days ago, the NYPD hired an additional 800 new cops.

            Go figure.

            • Too bad they did not stop all that bullshit for the right reason.

            • Sinner,same amount of cops killed in 2012,so,was that also a libertarian crime wave?!The numbers of cops who kill themselves with a gun each year much higher.As for nypd cutting back on summonses ect.and yet the city moves along just fine means the city needs less cops/laws ect.Just let the folks arm/defend themselves and the need for cops would drop even lower.

              • Ignore him, he is like a pharisee who preaches but doesn’t know the Father or His word.

        • @ Sinner

          Based on what evidence do you conflate Libertarians with cop killers? Manly of you to call people you know nothing about sick bastards.

          The Non-Aggressive Principle is the Libertarian foundation. One may use force only in defense, proportionate to the attack.

          There’s been hundreds of comments on this site over the years reporting the State’s use of violence out of proportion to the necessity as its first response.

          Your comment says more about you than it does about Libertarians.

          • Are you a member of Downsize DC? They have a great take on the Zero-Agression principle and send out e-mail alerts you can send to your congress-aholes. Excellent organization.

            Yes, I consider myself a conservative/libertarian, but am very conflicted on the militarization of police using power of law to commit crimes vs. privacy of the individual.

            Most of these recent issues have no good guy, a thug attacking a cop, a cop shooting him when he could have used less than lethal force. This will not end well, not at all.

          • @Bengal….blah-blah-blah, A brand new name for a same old troll.

            You’re right about the Police being “Out of Control”, just today I saw 12 citizens pulled out of their cars and shot by Cops on my way to work.

            Got reality?

            • Right, keep licking the boot in your face and sucking down hard on the badge.

            • @ Sinner

              Present your evidence for identifying Libertarians with cop killers.

              Your naked say so has no authority.

        • If you have to Eat BEP’S or Collard greens you are neither lucky or rich. Best use of both is compost.

      6. And this technology can most likely be used to defeat iris scanners too

        • Thanks 88, you just gave me a serious case of the heebee-geebee’s!

        • I have seen numerous photos of celebrities online that are sharp enough to copy their iris images. There may be some equally sharp photos showing their hands. I’m pretty sure a search would turn up a few, and I would guess celebrities could afford biometric security systems for their houses.

      7. My husband is forever laughing at me because I have tape over the camera (eye) on our lap top. Who’s laughing now sucka?!?! HAHAHAHAHAAH. Scary.

        • Anyone who doesn’t do that is an idiot!!! Good on you!

      8. Simple way to defeat this. There was a murder here on the ME/NH border last summer committed by 3 teens. They put superglue on their fingertips to mask their prints. Didn’t even need to wear gloves and look suspicious in the middle of summer. Idiots still got caught though… Dumbasses drugees dumped the body on the side of a busy road, it was found an hour later.

      9. For those who wish to celebrate New Years with a few adult beverages, here is a popular drink we use. It never lasts until midnight.

        ———————-APPLE PIE DRINK——————–

        64 oz apple cider
        48 oz apple juice (one can frozen plus water)
        4 cinnamon sticks (or red hots or discs or powder)
        4 whole cloves (or ground clove)
        1 cup white sugar (optional)
        1 cup brown sugar
        16 oz of everclear or 180 proof vodka or home brew

        Mix juice, cider, brown sugar, cinnamon sticks in pan and boil. Taste. Add white sugar if more sweetness is desired or more cinnamon.

        IMPORTANT: Let cool before adding alcohol as it will boil off at a lower temperature than water. If you are a distiller, of course you already know this.

        Makes one gallon. Refrigerate in glass gallon jug until cold. No glass? meh. Use whatcha got.

        If you like it stronger, add more alcohol…careful…it’s a creeper. lol.

        Prost! Cheers (for the non-Germans)

        • Here’s one any fellow veterans here who were stationed in the PI may remember well.

          MOJO (one pitcher)

          1 bottle of beer (San Miguel or similar lager)
          5 oz dark rum
          5 oz vodka
          5 oz gin
          5 oz whisky
          4 oz pineapple juice
          4 oz orange juice
          4 oz sprite
          1 oz lime juice
          5 calamansi or 1 lemon
          splash of grenadine

          Just remember it tastes best when served by a brown girl.

          • OMG, I had a Mojo party at my apartment about 20 years ago and haven’t been the same since lol!!! I had blocked the memory, thanks a lot for bringing up repressed images… It took me hours to clean the floors afterwards, that shit is sticky when spilled!

            • I think we used Hawaiian Punch instead of grenadine and Corona instead of San Miguel (hard to find in Maine).

            • MX – Was that your place ? !
              Sorry about the mess .
              The view from the bathroom floor aint so great either!

              Just cant do it anymore……..

              Happy new year all.

            • White Christmas….aka russian Quaalude

              big tall glass or quart jar

              1 jigger of vodka or homebrew
              1 jigger of Frangelica
              1 jigger of Kahlu’a
              1 jigger of Amaretta
              1 jigger of Bailey’s Irish Cream

              Stir briskly and add plenty of ice, stir
              Top off with milk and stir again.

              Tastes like a good milk shake but will mellow you down quickly. For light weights, just use a regular shot glass for measuring ingredients, or split with a partner

              Note: Ingredients not cheap but it is worth it.
              Frangelica alone, is about 25 bucks.

          • make sure to check for tape…

          • Mojo party my ass!

            Sounds like someone went in after a party and rounded up all the half drunken drinks and put them in a pitcher. Better filter that shit for cigarette butts before you drink it.

            ROFL MAO. 🙂

        • Anything with everclear and sweets will definitely creep up on you, do not drive after, speaking from experience….

          • Everclear? One of my preps. I keep at least 4 fifths on hand at all times.

            Disinfectant. Fuel. Booze. Cleaner. Tictures.

            But! Beware! That stuff, even in small doses, will put you in hangover land. In fact the only hangover I’ve ever had was from Everclear. It got rid of my headache (I don’t drink to get drunk, usually just for head and body aches) then gave me a worse one with nausea to boot. Ugh!

            • It’s amazing stuff, the very same thing that gives you hangovers can also cure them.

      10. Wave like this
        ……..(‘(…´…´…. ¯~/’…’)
        ……….”…\………. _.•´

        • Hey! The Hawaiian good luck sign! yeah!

      11. It’s time for a good drink… Wake me when it gets interesting.

        • I read about this last week…where’ve y’all been?

      12. The penalty for hacking is not severe enough to deter the crime. As long as people feel the crime is worth the risk, they will continue to commit the crime.

        • Hacking has never been a crime. Misuse of hacking talent is just crime. Just like shooting. Shooting is not a crime. Misuse of shooting, well, thats a crime. (…unless you’re a cop, then its just a vacation!)

      13. Maybe instead of using a fingerprint for biometric authentication, people could just be required to get a chip implanted in their hand or forehead. /sarcasm

      14. Off Topic!
        I need some input from some you great folks on this site.
        I’m going to reload 7.62X54R.
        What I need is a load using slugs weights around 150Gr. or 175Gr.
        I know I can get ammo now, but if I get stuck in my house or BOL 2 and can’t go shopping I would like to reload it.
        I have brass and getting more slugs. Oh ya slugs I have very tight rifling can I use the same slug I’m using in my 308’s?
        Powder I use 748, Varget, H4350, BLC2.
        I would really appreciate any help I can get on this.
        Thanks in advance for the help.

        • If you are an NRA Member you can usually get good answers on this stuff from them.

        • Sarge, are you reloading surplus cases? Depending on the priming and case type, reloading might not be worth the hassle. Most 7.62x54R surplus ammo is Berdan primed, and/or steel-cased. Berdan primers are difficult to find and steel sucks to reload.

          So, although difficult, it’s not impossible. I would rather spend my time and money on stocking up the surplus ammo while it is still cheap and readily available. Good luck.

          • Para and No
            Thanks for the reply.
            I’ll check the NAR info.
            I’m using Graf and son commercial brass, and W.W. No military. I’m not going to mess with the Berdan primers.

            Any Info would be appreciated.

            • lee makes a good mold for it 312,, 185 grain,, with gas check. you will want to use linotype lead,, really hard lead best for rifle bullets.. check your local scrap/recycler for lead supplies, i would love to send you some but i only have 200 pounds of linotype, sorry, cant find load data at this moment.

            • go to and look under rifle data

          • No, he is fishing and pumping……..OPSEC sometimes can be over played ona site like this where some have talked for years and would love to get to know one another better ….camaraderie and all.

            But when talking this talk with that much specifics and TO A COP WHO HAS DONE WORK WITH THE FBI….you keep your freaking mouth shut! This is definitely when you practice OPSEC for cryin out loud.

            Hint to all…..take a cue from Paranoid above.

        • Sgt,

          Your 308 powders will work well. Your bullets will not work at all. …and your primers, well, keep reading.

          The bullet diameter for the 7.62.54R is .312. Your 308 is .308. Jeez. They give me a headache making all these differe 30 cal bullets!

          Anyways, no way you’ll get a .308 bullet to fit a 7.62x54R barrel. You’ll have to have different bullets.

          Bullets in the 54R range from 150g to 180g. Most of those barrels have a 1-9.5 twist and will stabilize those bullets well.

          Warning: Much of the casings for the 54R are “berdan” primed. The primer anvil is built into the shell and they have two small holes on either side of the primer to vent the ignition gases into the powder. Berdan primed cases are considered “Not Reloadable”. (I’ve reloaded 22 rimfire on a dare and made it work, so there is NOTHING that is impossible.) I’m just telling you this because unless you buy some high qualiting brass casings which will come at a premium price, you won’t be able to reload them.

          What you have to have is “boxer” primed. Thats system your 308 uses for the primers. They exist but typically, they’re probably berdan primed.

          Good luck!

          BTW, don’t get the bullets mixed with your 308 stuff! Whew! That extra 4 thousands would give you overpressure in the event that you could get it in the chamber. My guess is seating a 54R bullet in a 308 case would expand the neck enough to keep it from being chambered. But, if you did, you would have to have a way reduced powder charge to keep it from popping its cork! …and, even if you did get it to work, bullets that big woudln’t be very accurate.

          • Another tip-o-the-day. Never RWI (Reload While Intoxicated).

            I knew someone from work years ago, he was a dumbass so no surprise to me, who incidentally used Bullseye (good but fast-burning pistol powder) in his .308 reloads. I say incidentally not accidentally because stupidity is no accident.

            He wasn’t paying attention, distracted by his beers, ego, and stupidity. Loaded up 50 rounds, went to the range (still drunk), fired only one round and totally ruined his gun and his day.

            Wasn’t pretty. Just glad I wasn’t there.

            Maybe RWS is more appropriate for this guy (Reloading While Stupid). This is why liberals don’t reload. Maybe they should.

        • Sarge, I’m using 4895, H4350, or H335 powder for all my 30-calibers loads, 308, 30-06, 8mm, etc., it works just fine in 7.62x54r. I like Winchester primers best, for some reason. For bullets, you need to use .311-diameter bullets, available in most reloading shops. Your bore could be .311, .312, .313, or even larger, depending on the amount of use your rifle has had.

          It’s the same bullet as the 303 British cartridge, in fact, or the 7.7mm Jap.

          If you have .308 bullets now, and no .308 rifles, you can use them up in your Mosin, but expect not-so-good accuracy. I’d trade them away, instead. Whatever you do, DO NOT mix them up with .311 bullets, or vice versa. Mark your .311 bullet boxes in LARGE letters, “MOSIN RIFLE ONLY, NO OTHERS”, or I guarantee one day you will force the bolt closed on a .308 and bust a receiver trying to shoot a .311 bullet out of a .308 barrel.

          If you’re getting your brass from Graf’s, it’s probably the Prvi Partizan stuff. That’s good brass, just be sure to neck size only, after the first full-length sizing, so you won’t overwork the brass with full-length sizing each time you reload. You shouldn’t have to FLS the brass again until the first length trimming.

        • Sgt Dale: Anyone here who could answer your question would soon be ID by the Cyber Squad who monitors this site 24/7 from a 300,000 sf office building in Chantilly (Lady?) Virginia, and targeted for “analysis”.

          Me? I don’t have any guns. Sheriff Joe will protect me. Hi Joe!!!! (Joe reads SHTF Plan too!!! 🙂

        • Why don’t you ask your fbi buddies 😉

      15. Sarge,willing to mold your own?This is a pretty good write up/discussion on it,damn,bookmarks are convenient!

        • Hmmmm….,I guess the bookmark might help! ht tp:// ,you know the spacing drill.

          • Yeah, you can mold your own, but in order to keep any kind of accuracy you’ll need to slow those bullets down. Cast bullets typically won’t take pressures over about 30 thousand. Plain based bullets can run up to about 1500fps while you can gascheck them to run up to almost 2000fps. Typical 54R pressures are 50,000+ and velocities are in the range of 2500fps. You’ll take a performance hit with lead, but, thats the nice thing about reloading! You can do whatever you want!

            • The steel/berden primed can be had about .21 a round.I saw some brass ect. but damn,about the 90 cent price range a round,but,perhaps then gives you a good reload base as the brass alone saw for about 45 a round,ouch!

              • It’s painful buying good brass-cased boxer 7.62x54r when all that surplus is out there for nothing, but I bought 1000 rounds of good Prvi Partizan ammo last year, just to have the reloadable brass. When you’ve fired off your last copper-washed Berdan steel-cased round of surplus ammo, you are defenseless unless you’ve got the bayonet on the end of your barrel.

      16. Net-War
        I’m using WW and Graf and Son brass. No Military Berdan stuff.
        I was wondering if my 308 bullets would work in the 54R. One of my rifles is a M39 Fin. with a 309 rifling. the other is a M44 with the 311 and a custom job that I did with a 311 rifling. I think I can use the 308’s in the Fin, but not the Russian’s.
        I know not to mix up the slugs they won’t work will in the 308’s. I don’t want to blow up my 308’s.

        Velocity recommendations?
        War was that a lyman mold you are talking about? I have one that I got for my 308’s many years ago, and I think it cast bullets at 172Gr. at .310 I sized them down to .308 This might just work.

        Thanks again guys for your help.

        • Sarge, you can shoot your .308 bullets out of your .311 barrels. You can shoot .270 bullets out of you .311 barrels, and all the way down to .223. But don’t do that, you won’t like the accuracy one bit, and you’ll erode the barrel.

          Just get the right .311 bullets, you’ll be just fine.

          You’re right, you can use the .308 bullets in your .309 Finnish M39. That’s the designed size.

          Mosin-Nagant rifles started out life as .308 diameter, but in the 50 years of their service, most barrels are worn out to .311-.313 or even larger. Sounds like you’ve slugged your bores so you know what you are doing.

          For velocities, any load you make up should run around 2000-2400 fps, 2500 fps is about the maximum, and beyond that you are in dangerous territory. Me, I think a .311 bore on a Mosin is telling me the rifle has seen a good bit of use, and I would load not to exceed 2250-2300 fps, just for safety. You don’t gain a thing with hotted-up loads anyway, the increase in velocity of 100 or 200 fps obtained only results in trivial trajectory flattening and worn-out barrels.

      17. Sarge,not something I have done myself,anyone asks about reloading tell em where to look,I am wrong guy to ask!I just had that bookmarked as a friend with Mosin was wondering about reloading and just did a little research on it,when something useful just bookmark for the future as in this case,have a good New year you and all on the forum!

      18. Buy the brass rounds then reload I have used the surplus stuff and the steel cases sometimes get cracks in them never had any problems with it myself but won’t think about reloading the cases just buy a ton of cheap surplus ammo the stuff is pretty good for the$ I stripped that red ugly melting shellac off my Mosin it was melting .sanded it easy not to destroy markings rubbed linseed oil now it’s a blond russian shes beautiful . It’s an ex sniper. Extremely accurate The steel case surplus ammo is steel core penetrator it’ll go through vehicle engine like a hot knife thru butta . Cheap anti material weapon .

      Commenting Policy:

      Some comments on this web site are automatically moderated through our Spam protection systems. Please be patient if your comment isn’t immediately available. We’re not trying to censor you, the system just wants to make sure you’re not a robot posting random spam.

      This website thrives because of its community. While we support lively debates and understand that people get excited, frustrated or angry at times, we ask that the conversation remain civil. Racism, to include any religious affiliation, will not be tolerated on this site, including the disparagement of people in the comments section.