Jan Krissler

Last updated
Jan Krissler
Jan Krissler (starbug).png
NationalityGerman
Other namesStarbug
Occupation hacker
Known for Biometry hacking

Jan Krissler, better known by his pseudonym starbug, is a German computer scientist and hacker. He is best known for his work on defeating biometric systems, most prominently the iPhone's TouchID. [1] He is also an active member of the German and European hacker community.

Contents

Fingerprints of prominent German politicians

Krissler, along with Chaos Computer Club published the fingerprints of then Interior Minister Wolfgang Schäuble as a means of protest as well as proof of concept. He shot traces of a glass used by Schäuble using a digital camera and tweaked it digitally. [2] [3] Previously, Schäubles Ministry of the Interior had introduced biometric passports which included a digital copy of the holder's fingerprint.

He further refined the attack in 2014 when he reproduced Minister of Defense Ursula von der Leyen's fingerprint from a high resolution press photo. The attack was presented during 2014's Chaos Communication Congress. [4]

In 2014, Neurotechnology's "VeriFinger" was used by Jan Krissler to recreate the German defense minister Ursula von der Leyen's fingerprint. [5]

Scientific work

Aside from his activities and popular papers published as an activist, Krissler is also a published scientist. His early works looked into the security of biometric systems. [6] Later, Krissler researched the foundations of optic fibre systems [7] [8] and the development of novel attacks on smart cards. [9]

From 2014 onwards, his work has focused on novel methods of defeating biometric systems. He is internationally recognized for his research on the risks emanating from high resolution smartphone cameras, which may allow malicious actors to covertly steal fingerprints. [10] Deficiencies in biometric payment systems is another field of his research. [11]

Currently, Krissler is a research assistant at TU Berlin [12] working with Jean-Pierre Seifert's research group.

Related Research Articles

<span class="mw-page-title-main">Chaos Computer Club</span> Germany based hackers organization

The Chaos Computer Club (CCC) is Europe's largest association of hackers with 7,700 registered members. Founded in 1981, the association is incorporated as an eingetragener Verein in Germany, with local chapters in various cities in Germany and the surrounding countries, particularly where there are German-speaking communities. Since 1985, some chapters in Switzerland have organized an independent sister association called the Chaos Computer Club Schweiz (CCC-CH) instead.

Biometrics are body measurements and calculations related to human characteristics and features. Biometric authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

<span class="mw-page-title-main">Iris recognition</span> Method of biometric identification

Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance. The discriminating powers of all biometric technologies depend on the amount of entropy they are able to encode and use in matching. Iris recognition is exceptional in this regard, enabling the avoidance of "collisions" even in cross-comparisons across massive populations. Its major limitation is that image acquisition from distances greater than a meter or two, or without cooperation, can be very difficult. However, the technology is in development and iris recognition can be accomplished from even up to 10 meters away or in a live camera feed.

Starbug may refer to:

Synaptics, Inc. American neural network technologies and computer-to-human interface devices development company based in San Jose, California. It develops touchpads and fingerprint biometrics technology for computer laptops; touch, display driver, and fingerprint biometrics technology for smartphones; and touch, video and far-field voice, and wireless technology for smart home devices, wearables, and automobiles. Synaptics sells its products to original equipment manufacturers (OEMs) and display manufacturers.

<span class="mw-page-title-main">Biometric passport</span> Traditional passport that has an embedded electronic microprocessor chip

A biometric passport is a traditional passport that has an embedded electronic microprocessor chip, which contains biometric information that can be used to authenticate the identity of the passport holder. It uses contactless smart card technology, including a microprocessor chip and antenna embedded in the front or back cover, or centre page, of the passport. The passport's critical information is printed on the data page of the passport, repeated on the machine readable lines and stored in the chip. Public key infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip, supposedly making it expensive and difficult to forge when all security mechanisms are fully and correctly implemented.

<span class="mw-page-title-main">Visa requirements for Polish citizens</span> Administrative entry restrictions

Visa requirements for Polish citizens are public health and administrative entry restrictions by the authorities of other states placed on citizens of Poland.

<span class="mw-page-title-main">Visa policy of Canada</span> Policy on permits required to enter Canada

The visa policy of Canada requires that any foreign citizen wishing to enter Canada must obtain a temporary resident visa from one of the Canadian diplomatic missions unless they hold a passport issued by one of the 53 eligible visa-exempt countries and territories or proof of permanent residence in Canada or the United States.

<span class="mw-page-title-main">Visa requirements for Afghan citizens</span> Administrative entry restrictions

Visa requirements for Afghan citizens are administrative entry restrictions by the authorities of other states placed on citizens of Afghanistan.

<span class="mw-page-title-main">Fastboot</span> Recovery mode included in Android mobile operating system

Fastboot is a communication protocol used primarily with Android devices. It is implemented in a command-line interface tool of the same name and as a mode of the bootloader of Android devices. The tool is included with the Android SDK package and used primarily to modify the flash filesystem via a USB connection from a host computer. It requires that the device be started in Fastboot mode. If the mode is enabled, it will accept a specific set of commands, sent through USB bulk transfers. Fastboot on some devices allows unlocking the bootloader, and subsequently, enables installing custom recovery image and custom ROM on the device. Fastboot does not require USB debugging to be enabled on the device. To use fastboot, a specific combination of keys must be held during boot.

<span class="mw-page-title-main">Smudge attack</span> Discerning a password via screen smudges

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a smartphone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession or is nearby the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents. Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

Biometrics refers to the automated recognition of individuals based on their biological and behavioral characteristics, not to be confused with statistical biometrics; which is used to analyse data in the biological sciences. Biometrics for the purposes of identification may involve DNA matching, facial recognition, fingerprints, retina and iris scanning, voice analysis, handwriting, gait, and even body odor.

<span class="mw-page-title-main">Touch ID</span> Electronic fingerprint recognition feature by Apple

Touch ID is an electronic fingerprint recognition feature designed and released by Apple Inc. that allows users to unlock devices, make purchases in the various Apple digital media stores, and authenticate Apple Pay online or in apps. It can also be used to lock and unlock password-protected notes on iPhone and iPad. Touch ID was first introduced in iPhones with the iPhone 5s in 2013. In 2015, Apple introduced a faster second-generation Touch ID in the iPhone 6s; a year later in 2016, it made its laptop debut in the MacBook Pro integrated on the right side of the Touch Bar. Touch ID has been used on all iPads since the iPad Air 2 was introduced in 2014. In MacBooks, each user account can have up to three fingerprints, and a total of five fingerprints across the system. Fingerprint information is stored locally in a secure enclave on the Apple A7 and later chips, not in the cloud, a design choice intended to secure fingerprint information from users or malicious attackers.

<span class="mw-page-title-main">Mustafa Al-Bassam</span> Iraqi-British computer hacker and co-founder of LulzSec

Mustafa Al-Bassam is an Iraqi- British computer security researcher, hacker, and co-founder of Celestia Labs. Al-Bassam co-founded the hacker group LulzSec in 2011, which was responsible for several high profile breaches. He later went on to co-found Chainspace, a company implementing a smart contract platform, which was acquired by Facebook in 2019. In 2021, Al-Bassam graduated from University College London, completing a PhD in computer science with a thesis on Securely Scaling Blockchain Base Layers. In 2016, Forbes listed Al-Bassam as one of the 30 Under 30 entrepreneurs in technology.

<span class="mw-page-title-main">Biometric device</span> Identification and authentication device

A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.

A downgrade attack, also called a bidding-down attack, or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation in favor of an older, lower-quality mode of operation that is typically provided for backward compatibility with older systems. An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server. This is one of the most common types of downgrade attacks. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks, as the initial redirect is not protected by encryption.

<span class="mw-page-title-main">Vincenzo Piuri</span> Italian scientist and electrical engineer

Vincenzo Piuri is an Italian scientist. He is an IEEE Fellow and an ACM Distinguished Scientist. He is known for his work in the field of information processing, with specific focus on artificial intelligence, computational intelligence, signal/image processing, biometrics, industrial applications, measurement systems, arithmetic units and fault-tolerant architectures.

<span class="mw-page-title-main">NimbRo</span> Competitive robotics team

NimbRo is the robot competition team of the Autonomous Intelligent Systems group of University of Bonn, Germany. It was founded in 2004 at the University of Freiburg, Germany.

<span class="mw-page-title-main">Hartmut Seifert</span> German economist (born 1944)

Hartmut Seifert (born 23 January 1944 in Tilsit is an influential German labor market and working time researcher, former leader of the Institute of Economic and Social Research of the Hans Böckler Foundation and scientific correspondent for the Japan Institute for Labour Policy and Training, Tokyo.

<span class="mw-page-title-main">Neurotechnology (company)</span>

Neurotechnology is an algorithm and software development company founded in Vilnius, Lithuania in 1990.

References

  1. Alex Hern (2014-12-30). "Hacker fakes German minister's fingerprints using photos of her hands". TheGuardian.com . Retrieved 2018-08-21.
  2. "Datenschutz: Schäubles Zeigefinger gehackt", Zeit Online (in German), retrieved 2018-08-20
  3. Kleinman, Zoe (2014-12-29). "Fingerprint 'cloned from photos'". BBC News. Retrieved 2018-09-01.
  4. CCC (29 December 2014). "Ich sehe, also bin ich ... Du" . Retrieved 2018-08-20.
  5. "Hacker fakes German minister's fingerprints using photos of her hands". the Guardian. 2014-12-30. Retrieved 2023-01-05.
  6. Lisa Thalheim, Jan Krissler, Peter-Michael Ziegler (November 2002), Heise (ed.), "Body Check Biometric Access Protection Devices and their Programs Put to the Test", C't (in German), vol. 2002, no. 11, Hannover: Heise, p. 114{{citation}}: CS1 maint: multiple names: authors list (link)
  7. Guggi Kofod, Denis N. Mc Carthy, Jan Krissler, Günter Lang, Grace Jordan (2009-05-18), "Electroelastic optical fiber positioning with submicrometer accuracy: Model and experiment", Applied Physics Letters (in German), vol. 94, no. 20, p. 202901, Bibcode:2009ApPhL..94t2901K, doi:10.1063/1.3134002, ISSN   0003-6951 {{citation}}: CS1 maint: multiple names: authors list (link)
  8. Norbert Arndt-Staufenbiel, Guenter Lang, Jan Krissler, Henning Schroeder, Wolfgang Scheel (2004-04-07), "Specific glass fiber technologies: Lensing and laser fusion", in Pistora, Jaromir; Postava, Kamil; Hrabovsky, Miroslav; Rawat, Banmali S (eds.), Microwave and Optical Technology 2003, SPIE Proceedings (in German), vol. 5445, SPIE, pp. 83–87, Bibcode:2004SPIE.5445...83A, doi:10.1117/12.558095, S2CID   109589360 , retrieved 2018-08-21{{citation}}: CS1 maint: multiple names: authors list (link)
  9. Clemens Helfmeier, Dmitry Nedospasov, Christopher Tarnovsky, Jan Starbug Krissler, Christian Boit (2013-11-04), "Breaking and entering through the silicon", Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13 (in German), ACM, pp. 733–744, doi:10.1145/2508859.2516717, ISBN   9781450324779, S2CID   1571884 {{citation}}: CS1 maint: multiple names: authors list (link)
  10. Tobias Fiebig, Jan Krissler, and Ronny Hänsch (August 2014). "Security Impact of High Resolution Smartphone Cameras | USENIX". Workshop on Offensive Technologies (WOOT). USENIX Association. Retrieved 2018-08-21.{{cite web}}: CS1 maint: multiple names: authors list (link)
  11. Julian Fietkau, Starbug, and Jean-Pierre Seifert (August 2018). "Swipe Your Fingerprints! How Biometric Authentication Simplifies Payment, Access and Identity Fraud | USENIX". Workshop on Offensive Technologies (WOOT). USENIX Association. Retrieved 2018-08-21.{{cite web}}: CS1 maint: multiple names: authors list (link)
  12. TU Berlin. "Institut für Softwaretechnik und Theoretische Informatik: Jan Krissler" (in German). Retrieved 2018-08-21.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.