Vein Authentication Beaten – Hackers Have Designed a Fake Wax Hand To Beat It


Biometric security is the buzzword today. It's everywhere and is being increasingly adopted in the mainstream. From fingerprint sensors in your phone to Face ID in iPhones, everything is a biometric measure.

Researchers around the world continuously develop more and more intricate biometric solutions that can help authenticate personnel in a more secure and stable manner. Vein authentication is one such measure: it works by scanning a person's hand and determining the shapes, positions and sizes of the veins under the skin. Since these factors have a very low probability of being exactly the same in two people, this was touted as a high-security measure.

Until hackers beat it…


At the Chaos Communication Congress, a hackers' conference organized in Germany every year, two hackers showed visitors how they beat the system using a modified camera and a hand replica built out of wax.

Jan Krissler, more famously known by his handle starbug, along with Julian Albrecht, modified an SLR camera by removing the infrared filters so that it could better capture the vein pattern, and took pictures of a hand. They took around 2500 pictures and then built a replica hand out of wax, referencing these images.

Their replica wax hand was able to successfully bypass the vein sensors, which came as a shock to a lot of the visitors.


Globally used Authentication System

Vein-sensor-based authentication is being increasingly adopted by various companies and government agencies around the world. A recent report stated that even the BND, the German intelligence agency, had implemented vein authentication at its headquarters.

Just so we are clear –

The hackers claim that taking a picture from as far as 5 meters was enough to build a replica model.

However, something like this would require very specific skills and would be very hard for the everyday person to replicate. While the hackers worked in a controlled environment and were able to make multiple tests without having to worry about being locked out, traditional vein authentication systems cannot be so easily brute-forced.

Other biometric systems, like fingerprint scanners, are notorious for being easily bypassed by lifting a user's fingerprints from some other surface. Defeating vein authentication would require a lot of access to a user's hand along with excellent modelling skills. Even then, there's a high chance the output may not work.

