Vein authentication already hacked with a fake hand2019-01-01 18:04 by Daniela
Two hackers managed to trick a vein scanning system just by using a simple wax hand. Jan Krissler and Julian Albrecht built a fake model using a total of 2,500 photos of a hand that was previously configured with a vein authentication system.
What they did was take pictures of their hands using a modded SLR camera with the infrared filter removed. At a distance of five meters, the camera was able see vein patterns underneath the skin. The images were then used to make wax replicas, which in turn were able to fool a vein authentication system.
Using the wax hand, the pair were able to bypass scanners manufactured by Hitachi and Fujitsu, which they say make up 95 percent of the systems used in the vein authentication market.
Vein authentication works with systems that compare a user's placement of veins under their skin compared to a copy on record. According to a recent report from German news wire DPA, the BND, Germany's signals intelligence agency, uses vein authentication in its new headquarter building in Berlin.
Krissler has a track record for biometric hacking; in 2013 he bypassed Apple's Touch ID within 24 hours of its launch in Germany, he demonstrated similar skill in faking the German defence minister's fingerprint and has more recently, demonstrated vulnerabilities in iris scanning technology. The hacker explained pragmatically that bio-security is "always an arm race". It wouldn't be surprising if Fujitsu and Hitachi update their scanning systems in the wake of this news, despite playing it down.
Read more -here-