Jan Krissler

Last updated
Jan Krissler
Jan Krissler (starbug).png
NationalityGerman
Other namesStarbug
Occupation hacker
Known for Biometry hacking

Jan Krissler, better known by his pseudonym starbug, is a German computer scientist and hacker. He is best known for his work on defeating biometric systems, most prominently the iPhone's TouchID. [1] He is also an active member of the German and European hacker community.

Contents

Fingerprints of prominent German politicians

Krissler, along with Chaos Computer Club published the fingerprints of then Interior Minister Wolfgang Schäuble as a means of protest as well as proof of concept. He shot traces of a glass used by Schäuble using a digital camera and tweaked it digitally. [2] [3] Previously, Schäubles Ministry of the Interior had introduced biometric passports which included a digital copy of the holder's fingerprint.

He further refined the attack in 2014 when he reproduced Minister of Defense Ursula von der Leyen's fingerprint from a high resolution press photo. The attack was presented during 2014's Chaos Communication Congress. [4]

Scientific work

Next to his activities and popular papers published as an activist, Krissler is also a published scientist. His early works looked into the security of biometric systems. [5] Later, Krissler researched foundations of fiberoptical systems [6] [7] and the development of novel attacks on smart cards. [8]

From 2014 onwards, his work has focused on novel methods of attacking biometric systems. He was internationally recognized for his research on the risks emanating from high resolution smartphone cameras which allowed to covertly steal fingerprints. [9] Deficiencies in biometric payment systems is another field of his research. [10]

Currently, Krissler is a research assistant at TU Berlin [11] working with the research group of Jean-Pierre Seifert.

Related Research Articles

Chaos Computer Club Germany based hackers organization

The Chaos Computer Club (CCC) is Europe's largest association of hackers with 7,700 registered members. Founded in 1981, the association is incorporated as an eingetragener Verein in Germany, with local chapters in various cities in Germany and the surrounding countries, particularly where there are German-speaking communities. Since 1985, some chapters in Switzerland have organized an independent sister association called the Chaos Computer Club Schweiz (CCC-CH) instead.

Biometrics are body measurements and calculations related to human characteristics. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

Iris recognition Method of biometric identification

Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance. The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. Iris recognition is exceptional in this regard, enabling the avoidance of "collisions" even in cross-comparisons across massive populations. Its major limitation is that image acquisition from distances greater than a meter or two, or without cooperation, can be very difficult.

Office of Biometric Identity Management

United States Visitor and Immigrant Status Indicator Technology is a U.S. Customs and Border Protection (CBP) management system. The system involves the collection and analysis of biometric data, which are checked against a database to track individuals deemed by the United States to be terrorists, criminals, and illegal immigrants. US-VISIT is accessed by 30,000 users from federal, state, and local government agencies. Upon Presidential approval of the 2013 Continuing resolution the US-VISIT program officially became the "Office of Biometric Identity Management" (OBIM), save for portions of the agency which performed overstay analysis being transferred into U.S. Immigration and Customs Enforcement and biometric Entry and Exit operations which became a part of U.S. Customs and Border Protection.

Starbug may refer to:

Biometric passport Traditional passport that has an embedded electronic microprocessor chip

A biometric passport is a traditional passport that has an embedded electronic microprocessor chip which contains biometric information that can be used to authenticate the identity of the passport holder. It uses contactless smart card technology, including a microprocessor chip and antenna embedded in the front or back cover, or centre page, of the passport. The passport's critical information is printed on the data page of the passport, repeated on the machine readable lines and stored in the chip. Public key infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip, making it expensive and difficult to forge when all security mechanisms are fully and correctly implemented.

Active Directory Rights Management Services is a server software for information rights management shipped with Windows Server. It uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mails, Microsoft Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied en masse.

Fastboot Recovery mode included in Android mobile operating system

Fastboot is a protocol and a tool of the same name. It is included with the Android SDK package used primarily to modify the flash filesystem via a USB connection from a host computer. It requires that the device be started in Fastboot mode. If the mode is enabled, it will accept a specific set of commands sent to it via USB using a command line. Fastboot allows to boot from a custom recovery image. Fastboot does not require USB debugging to be enabled on the device. Not all Android devices have fastboot enabled. To use fastboot, a specific combination of keys must be held during boot.

Noisebridge

Noisebridge is an anarchistic hackerspace located in San Francisco, inspired by European hackerspaces Metalab and c-base in Berlin. It is a registered non-profit California corporation, with IRS 501(c)(3) charitable status. It describes itself as "a space for sharing, creation, collaboration, research, development, mentoring, and learning," and outside of its headquarters forms a wider community around the world. It was organized in 2007 and has had permanent facilities since 2008.

Vein matching Technique of biometric identification

Vein matching, also called vascular technology, is a technique of biometric identification through the analysis of the patterns of blood vessels visible from the surface of the skin. Though used by the Federal Bureau of Investigation and the Central Intelligence Agency, this method of identification is still in development and has not yet been universally adopted by crime labs as it is not considered as reliable as more established techniques, such as fingerprinting. However, it can be used in conjunction with existing forensic data in support of a conclusion.

Smudge attack Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

Biometrics refers to the automated recognition of individuals based on their biological and behavioral characteristics, not to be confused with statistical biometrics; which is used to analyse data in the biological sciences. Biometrics for the purposes of identification may involve DNA matching, facial recognition, fingerprints, retina and iris scanning, voice analysis, handwriting, gait, and even body odor.

Biometric device

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.

A downgrade attack, also called a bidding-down attack or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation in favor of an older, lower-quality mode of operation that is typically provided for backward compatibility with older systems. An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server. This is one of the most common types of downgrade attacks. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks, as the initial redirect is not protected by encryption.

Contactless fingerprinting technology (CFP) was described in a government-funded report as an attempt to gather and add fingerprints to those gathered via wet-ink process and then, in a "touchless" scan, verify claimed identify and, a bigger challenge, identify their owners without additional clues.

Karsten Nohl German cryptography expert and hacker (born 1981)

Karsten Nohl is a German cryptography expert and hacker. His areas of research include Global System for Mobile Communications (GSM) security, radio-frequency identification (RFID) security, and privacy protection.

NimbRo Competitive robotics team

NimbRo is the robot competition team of the Autonomous Intelligent Systems group of University of Bonn, Germany. It was founded in 2004 at the University of Freiburg, Germany.

Proof of personhood (PoP) is a means of resisting malicious attacks on peer to peer networks, particularly, attacks that utilize multiple fake identities, such as a Sybil attack. Decentralized online platforms are particularly vulnerable to such attacks by their very nature, as notionally democratic and responsive to large voting blocks. PoP is a resistance method for permissionless consensus, in which each unique human participant obtains one equal unit of voting power and associated rewards. In contrast with proof of work, proof of stake, and other approaches that confer voting power and rewards in a blockchain or cryptocurrency proportionately to a participant's investment in some activity or resource, proof of personhood aims to guarantee each unique human participant an equal amount of voting power and rewards, independent of economic investment.

Identity replacement technology is any technology that is used to cover up all or parts of a person's identity, either in real life or virtually. This can include face masks, face authentication technology, and deepfakes on the Internet that spread fake editing of videos and images. Face replacement and identity masking are used by either criminals or law-abiding citizens. Identity replacement tech, when operated on by criminals, leads to heists or robbery activities. Law-abiding citizens utilize identity replacement technology to prevent government or various entities from tracking private information such as locations, social connections, and daily behaviors.

Hartmut Seifert German economist (born 1944)

Hartmut Seifert (born 23 January 1944 in Tilsit is an influential German labor market and working time researcher, former leader of the Institute of Economic and Social Research of the Hans Böckler Foundation and scientific correspondent for the Japan Institute for Labour Policy and Training, Tokyo.

References

  1. Alex Hern (2014-12-30). "Hacker fakes German minister's fingerprints using photos of her hands". TheGuardian.com . Retrieved 2018-08-21.
  2. "Datenschutz: Schäubles Zeigefinger gehackt", Zeit Online (in German), retrieved 2018-08-20
  3. Kleinman, Zoe (2014-12-29). "Fingerprint 'cloned from photos'". BBC News. Retrieved 2018-09-01.
  4. CCC (29 December 2014). "Ich sehe, also bin ich ... Du" . Retrieved 2018-08-20.
  5. Lisa Thalheim, Jan Krissler, Peter-Michael Ziegler (November 2002), Heise (ed.), "Body Check Biometric Access Protection Devices and their Programs Put to the Test", C't (in German), Hannover: Heise, vol. 2002, no. 11, p. 114{{citation}}: CS1 maint: multiple names: authors list (link)
  6. Guggi Kofod, Denis N. Mc Carthy, Jan Krissler, Günter Lang, Grace Jordan (2009-05-18), "Electroelastic optical fiber positioning with submicrometer accuracy: Model and experiment", Applied Physics Letters (in German), vol. 94, no. 20, p. 202901, Bibcode:2009ApPhL..94t2901K, doi:10.1063/1.3134002, ISSN   0003-6951 {{citation}}: CS1 maint: multiple names: authors list (link)
  7. Norbert Arndt-Staufenbiel, Guenter Lang, Jan Krissler, Henning Schroeder, Wolfgang Scheel (2004-04-07), "Specific glass fiber technologies: Lensing and laser fusion", in Pistora, Jaromir; Postava, Kamil; Hrabovsky, Miroslav; Rawat, Banmali S (eds.), Microwave and Optical Technology 2003, SPIE Proceedings (in German), vol. 5445, SPIE, pp. 83–87, Bibcode:2004SPIE.5445...83A, doi:10.1117/12.558095, S2CID   109589360 , retrieved 2018-08-21{{citation}}: CS1 maint: multiple names: authors list (link)
  8. Clemens Helfmeier, Dmitry Nedospasov, Christopher Tarnovsky, Jan Starbug Krissler, Christian Boit (2013-11-04), "Breaking and entering through the silicon", Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13 (in German), ACM, pp. 733–744, doi:10.1145/2508859.2516717, ISBN   9781450324779, S2CID   1571884 {{citation}}: CS1 maint: multiple names: authors list (link)
  9. Tobias Fiebig, Jan Krissler, and Ronny Hänsch (August 2014). "Security Impact of High Resolution Smartphone Cameras | USENIX". Workshop on Offensive Technologies (WOOT). USENIX Association. Retrieved 2018-08-21.{{cite web}}: CS1 maint: multiple names: authors list (link)
  10. Julian Fietkau, Starbug, and Jean-Pierre Seifert (August 2018). "Swipe Your Fingerprints! How Biometric Authentication Simplifies Payment, Access and Identity Fraud | USENIX". Workshop on Offensive Technologies (WOOT). USENIX Association. Retrieved 2018-08-21.{{cite web}}: CS1 maint: multiple names: authors list (link)
  11. TU Berlin. "Institut für Softwaretechnik und Theoretische Informatik: Jan Krissler" (in German). Retrieved 2018-08-21.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.