Jan Krissler, Julian Albrecht (via Motherboard)
Jan Krissler, Julian Albrecht (via Motherboard)

Mobile

Hackers Seem To Have Found A Way To Bypass Biometric Authentication Using FAKE Hand

Written By Tanmay Patange | Mumbai | Published:

Hack:

  • Security researchers described how they were able to trick vein authentication using a fake hand out of wax
  • Hackers seem to have found a technique to bypass vein-based authentication

Biometric authentication systems have been fairly common these days. From unlocking your mobile phone to registering your attendance at a workplace, we are surrounded by devices and security systems that primarily rely on biometric authentication. In what could be surprising news, hackers could bypass a biometric authentication system using a fake hand.

What happened

According to reports, hackers seem to have found a technique to bypass vein-based authentication. First reported by Motherboard, at a recently held Chaos Communication Congress hacking conference, security researchers described how they were able to trick vein authentication, courtesy of a fake hand out of wax. 

What is vein authentication

Unlike a more traditional fingerprint system, vein authentication system compares how veins are positioned under the skin making it harder to bypass. Replicating fingerprints may be easier than replicating the placement of veins below your skin. That is what makes the vein authentication more reliable than a traditional fingerprint system.

Also Read | Samsung could be working on a foldable drone accessory compatible with smartphones

How did they do it?

Security researchers Jan Krissler and Julian Albrecht used a converted SLR camera without the infrared (IR) filter to capture photographs of their vein patterns. This way, the photographs could reveal the placement of their vein patterns. Later on, they used these photographs to replicate their vein patterns into wax hand models.

In an email to Motherboard, here is what Jan Krissler had to say:

"It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it. t’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them. When we first spoofed the system, I was quite surprised that it was so easy. Biometrics is always an arm race. The manufacturers improve their systems, the hackers come and break it and then it goes back on.”

DO NOT MISS