Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Vein Authentication Already Hacked with a Fake Hand

0
0

While facial recognition is slowly but surely replacing fingerprint recognition on our devices, it’s believed that the next step in terms of biometric security is none other than vein authentication.

At least theoretically, at some point in the future our smartphones should be able to scan certain elements of our hands, like the shape, size, and the location of the vein, create a pattern, store it, and then check it every time you want to authenticate to make sure unauthorized access is blocked.

While for many this sounds like something that can’t be hacked, it doesn’t for a team of security researchers who attended the Chaos Communication Congress hacking conference in Leipzig, Germany.

As per Motherboard , Jan Krissler and Julian Albrecht built a fake model using a total of 2,500 photos of a hand that was previously configured with a vein authentication system.

“It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” Krissler was quoted as saying.

Just one month of work for the hack

However, it’s not really that easy. The researchers used slightly modified equipment to take the photos, including a camera without an infrared filter to be able to see the patterns of the veins.

And while anyone should be able to do that with some research, taking so many photos of a hand in order to re-create a wax model isn’t exactly the most sneaky hacking method, though it could be used by some individuals and even law enforcement to get access to some systems when it’s required.

For the time being, however, vein authentication isn’t quite widespread and by the time it reaches our devices, the system is very likely to be substantially improved.

The two researchers reached out to Fujitsu and Hitachi to disclose their findings and while Hitachi employees were provided with a more detailed look at the hack, Fujitsu didn’t seem to be too interested in it.


Viewing all articles
Browse latest Browse all 12749