Cupertino calls Apple Pay “a simple, secure, and private way” to make a purchase with a mobile device. Not so fast, says hacker Jan Krissler, also known by his alias “Starbug,” according to VentureBeat.
Speaking at the Chaos Computer Club, Europe’s largest association of hackers, Krissler explained that fingerprints can be snatched using a “standard photo camera,” along with a commercially available software called VeriFinger. To prove this, the hacker copied the thumbprint of German Defense Minister Ursula von der Leyen, which he obtained at a recent public event.
This type of vulnerability extends beyond mobile payments.
“Because these fingerprints can be used for biometric authentication, Starbug believes that after his talk, ‘politicians will presumably wear gloves when talking in public.’”
Before trashing your iPhone to make Apple Pay purchases, VentureBeat notes:
Even if reproducing a fingerprint was a viable method for breaking into a system, be it a smartphone or a high-security vault, this news doesn’t mean that fingerprints are suddenly useless. Perfect security measures do not exist, and fingerprints definitely still have their place. They can still be more secure than PIN codes in many cases, and can always be used in conjunction with them or other types of passwords for multiple layers of security.
First announced in September, all of Apple Pay works on the iPhone 6, iPhone 6 Plus, and Apple Watch. You can make in-app purchases with Apple Pay with the iPhone 6, iPhone 6 Plus, iPad Air 2, and iPad mini 3.
See also: Apple Pay expected to arrive in UK in first half of 2015, barring ‘tricky’ talks with banks, For some partner stores and apps, Apple Pay won’t be ‘coming later this year’ after all, and The top 10 Apple stories of 2014 include the Apple Watch, ‘Bendgate,’ Beats and more.