Biometric security is on the rise thanks to smartphones utilising fingerprint, retina and facial scanning technology, however vein authentication has regularly been considered superior thanks to its difficult-to-replicate methods. Or so we thought. Researchers have now revealed that they managed to crack the system with a single image and cheaply-made wax hand.
Vein authentication is similar to fingerprint verification in that it scans the unique structure of a person’s veins under their skin, while removing the possibility of leaving prints behind whenever we touch something. Thanks to its reputation, local news site Welt reports that Germany’s signals intelligence agency, the BND, supposedly uses the technology within its Berlin headquarters.
Sadly, Motherboard reports that security researchers have since cracked the technology, utilising an SLR camera with its infrared filter removed and some wax:
“It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it,” German researcher Jan Krissler tells the publication, in collaboration with Julian Albrecht. “It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them.”
Krissler makes the process sound easy, requiring just a single photo with a modified camera and 15 minutes to assemble the wax hand from cheap materials in order to spoof the system, but the testing process was much more thorough. Krissler and Albrecht took over 2,500 photos of their hands across a 30-day period before deducing that a single image could be utilised in the hack.
The bypass was by no means perfect and its real-world applications are currently in question, but there is an inherent problem with allegedly top-notch security if a two-person team can breach the system with little effort. Should any amount of well-funded research go into refining this process, vein authentication could prove to be incredibly ineffective.
KitGuru Says: Almost all types of security have been beaten, with Apple’s Face ID and Touch ID continuously challenged by researchers, but it’s unusual to see a technology that’s barely established in the commercial market be toppled so easily. Here’s hoping leading manufacturers Fujitsu and Hitachi strengthen their systems before exploits begin turning up aplenty.