A little more than a year ago, just after Apple introduced its fingerprint-based TouchID authentication system, hackers (the good kind) from the Computer Chaos Club (CCC) announced that they could already bypass Apple's system by copying the physical fingerprints of people.
At the time, the fingerprint was photographed from a glass, and then cloned. This method has been mostly dismissed as being not too dangerous, because who's going around collecting people's glass fingerprints (other than perhaps spy agencies collecting fingerprints of important targets)?
Jan Krissler, a member of the CCC, recently announced a new method of collecting and cloning fingerprints merely from publicly available photos, which could make fingerprint-based authentication systems far less secure than they've been so far.
The researcher proved this was possible by cloning the fingerprint of the German Minister of Defense, Ursula von der Leyen. He used commercially available software such as VeriFinger and a photo of the minister's hand from a recent conference.
As long as the systems that used fingerprint-based authentication are physical, such as a phone or a door, then those who steal and clone people's fingerprints should still face major hurdles because they will need physical access to those systems to make any sort of fingerprint clone.
However, if we start using fingerprints for authenticating to websites, that could be much more dangerous, because then malicious hackers could log in to those sites with cloned fingerprints. They could get those fingerprints simply by analyzing online photos of millions of people.
Even if websites eventually adopt fingerprint authentication, they will at least need to tie that authentication to a physical object that you own, whether it's your phone or PC. Then hackers would not only need to impersonate your fingerprint, but also hack into your phone or PC. That's not impossible, but it should drastically reduce the attack vector.
There are new methods of biometric authentication being developed for business customers, such as finger vein recognition, an authentication system that only works when a "live" finger is used, so despite its current flaws, biometric authentication may still prove useful in the future.
Follow us @tomshardware, on Facebook and on Google+.