Hacker fakes German minister’s fingerprints using photos of her hands

It’s an old cliché of security researchers: fingerprints might appear more secure than passwords. But if your password gets stolen, you can change it to a new one; what happens when your fingerprint gets copied?
 
 
That’s no longer an abstract fear: a speaker at the Chaos Communication Congress, an annual meeting of hackers in Germany, demonstrated his method for faking fingerprints using only a few high-definition photographs of his target, German defence minister Ursula von der Leyen.
 
Jan Krissler, known in hacker circles as Starbug, used commercial software called VeriFinger and several close-range photos of von der Leyen, including one gleaned from a press release issued by her own office and another he took himself from three meters away, to reverse-engineer the fingerprint.
 
“After this talk, politicians will presumably wear gloves when talking in public,” he joked.
 
Also reported at the conference was another security hole seemingly straight out of science-fiction: a so-called “corneal keylogger”. The idea behind the attack is simple. A hacker may have access to a user’s phone camera, but not anything else. How to go from there to stealing all their passwords?
 
One way, demonstrated on stage, is to read what they’re typing by analysing photographs of the reflections in their eyes. Smartphone cameras, even front-facing ones, are now high-resolution enough that such an attack is possible.
 
Starbug is no stranger to taking on biometric security. In a high-profile stunt in 2013, he spoofed Apple’s TouchID sensors within 24 hours of the release of the iPhone 5S. Using a smudge on the screen of an iPhone, he printed a dummy finger using wood glue and sprayable graphene, which successfully unlocked a phone registered to someone else’s thumb.
 
For that hack, he needed physical access to the phone he stole the fingerprint from, in order to get a high-resolution scan of the print. His latest demonstration suggests that it may be possible to unlock a phone using a fingerprint stolen without ever touching a person or their property – although getting hold of the phone is still needed for the last stage, actually unlocking it.

 
The increasing number of successful attacks against biometric identification has led to some security researchers advising that people change the way they think about security measures such as fingerprints and photo ID. Rather than treating them as a replacement for passwords, they should instead be used as a second factor of authentication, or even as something similar to a username: a publicly known piece of information which must be linked to a password before a user can log in.
 
As the ACLU’s Jay Stanley told the Washington Post, “Biometrics are not secrets… Ideally, they’re unique to each individual, but that’s not the same thing as being a secret.”
 
And Starbug agrees, telling Zeit in 2013 that “I consider my password safer than my fingerprint… My password is in my head, and if I’m careful when typing, I remain the only one who knows it.”

Rouble turmoil leads to Apple halting online sales in Russia

Technology giant Apple says it cannot sell products online in Russia because the rouble’s value is too volatile for it to set prices.
  
 
The company stopped sales of its iPhones, iPads and other products in the country after a day in which the currency went into free-fall. The rouble has lost more than 20% this week, despite a dramatic decision to raise interest rates from 10.5% to 17%. By afternoon trade the rouble was flat, with one dollar buying 68 roubles. Its all-time low, set on Wednesday, saw one dollar buying as many as 79 roubles.
 
Apple last month increased its prices in Russia by 20% after the weakening rouble left products in the country cheaper than in the rest of Europe. Russia’s central bank said on Wednesday it had spent almost $2bn intervening in the currency market on Monday. It has spent around $80bn trying to prop up the rouble this year, but despite that, the currency has lost more than half its value against the dollar since January, with cheaper oil and Western sanctions over its stance on Ukraine the chief factors. Both of these have weakened the Russian economy.
 
Russia’s central bank has pledged further measures to try to stabilise its currency, with First Deputy Governor Sergei Shvetsov describing the situation as “critical”.
 
The rouble’s slide this week was prompted by fears that the US was considering a fresh set of sanctions against the country for its support for separatists in Ukraine.
 
 
 

Brits’ gaming habits during meetings revealed


It’s one of the most talked about stories of the week: Conservative MP Nigel Mills was caught on camera playing popular mobile app Candy Crush on his iPad for over 2 hours while sitting in a Parliamentary committee.
 
And it appears he’s not alone, as nearly one in five people (18%) have admitted that they’ve also played a game during a work meeting.
 
That’s according to a new study revealed today by leading network provider Three, which reveals the true extent of our gaming habits.
 
According to the research, conducted with 1,000 Brits, a single mid-meeting gaming session lasts 16 minutes on average, with 18% confessing to doing so for over 20 minutes at a time. However, not many come close to the levels of addiction of Nigel Mills MP, with fewer than one in ten (9%) playing for more than 40 minutes.
 
 
 
Top 10 Games Distracting Brits:
 
Candy Crush
Angry Birds
Solitaire
Tetris
Bejeweled
Sudoku
Scrabble
Crossword
Brain Trainer
Snake


Groundbreaking micro network for rural communities


EE, the UK’s largest mobile network operator, is today committing to connect more than 1,500 rural communities within three years by investing in a unique micro network technology that provides coverage to remote areas with no need for broadband or cables.
 
Starting in early 2015, EE will be making voice services, as well as 3G and 4G mobile data coverage available in communities that currently don’t have reliable mobile or high speed broadband. These areas have remained unconnected by traditional approaches to network deployment that have relied on building large masts.
 
To cover these communities, EE will build new micro networks that wirelessly connect small mobile antennas to a suitable nearby macro site, without the need for cabling, dramatically improving the economics of connecting hard to reach areas.
 
The first community to be connected through trials of the new micro network technology is the small village of Sebergham, in Cumbria. Sebergham has 129 dwellings and 347 residents, and sits in a deep valley. 
 
Cumbria County Councillor, Duncan Fairbairn, said: “The mobile service here is either non-existent or spasmodic at best. And the broadband is incredibly slow and very unreliable. In rural communities like Sebergham, being connected to good, reliable mobile coverage can make a significant difference to everyday life and we need fast broadband. We’re delighted to be the first community in the UK to benefit from this EE initiative, and there are more villages in my parish that I know will benefit hugely from this, and they’re excited to be connected next.”   
 
Unlike rival products, the EE rural micro network solution does not need any fixed broadband to connect into the wider network, meaning it can be deployed in more remote areas.
 
The micro network can connect communities of around 100-150 homes and businesses, across an area of 0.5 square miles with just three or four small antennas. An antenna can be installed on to any building in just a few hours, and planning applications are not required. The unique, low impact solution is based on technology designed by Parallel Wireless, and will be in full deployment in early 2015.
 
Rural areas can now be covered at lower cost by using smaller mobile sites that communicate with each other to spread coverage and capacity, and using wireless technology instead of cables to connect into the main EE network. While wider geographical coverage improvements still require continued investment in the traditional macro network, this new technology enables more targeted voice and data coverage for small communities, at a lower cost of deployment.
 
EE CEO Olaf Swantee said: “With this innovative new technology, we have the capability to connect every community in the UK, and we estimate that we’ll be able to bring reliable voice coverage and high speed mobile broadband to more than 1,500 places for the first time by 2017. We’ve been working closely with Government on the long-term ambition to bring voice coverage to more of the UK, and we believe that this world-first technology will demonstrate significant advancements against that vision.”
 
Areas across the UK are being analysed now for connectivity, and the first deployments will be started in early 2015. In reports from Ofcom, EE has recently been named best for rural call quality and reliability, and best for 4G and 3G speeds and coverage.