Biometric authentication systems have been fairly common these days. From unlocking your mobile phone to registering your attendance at a workplace, we are surrounded by devices and security systems that primarily rely on biometric authentication. In what could be surprising news, hackers could bypass a biometric authentication system using a fake hand.
According to reports, hackers seem to have found a technique to bypass vein-based authentication. First reported by Motherboard, at a recently held Chaos Communication Congress hacking conference, security researchers described how they were able to trick vein authentication, courtesy of a fake hand out of wax.
Unlike a more traditional fingerprint system, vein authentication system compares how veins are positioned under the skin making it harder to bypass. Replicating fingerprints may be easier than replicating the placement of veins below your skin. That is what makes the vein authentication more reliable than a traditional fingerprint system.
Security researchers Jan Krissler and Julian Albrecht used a converted SLR camera without the infrared (IR) filter to capture photographs of their vein patterns. This way, the photographs could reveal the placement of their vein patterns. Later on, they used these photographs to replicate their vein patterns into wax hand models.
In an email to Motherboard, here is what Jan Krissler had to say:
"It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it. t’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them. When we first spoofed the system, I was quite surprised that it was so easy. Biometrics is always an arm race. The manufacturers improve their systems, the hackers come and break it and then it goes back on.”