Latest in Gear

Image credit:

Hackers defeat vein authentication by making a fake hand

Security researchers used 2,500 pictures of a hand to create an exact model out of wax.
AJ Dellinger, @ajdell
December 28, 2018
1 Shares
Share
Tweet
Share

Sponsored Links

Chachawal Prapai via Getty Images

Biometric security has moved beyond just fingerprints and face recognition to vein-based authentication. Unfortunately, hackers have already figured out a way to crack that, too. According to Motherboard, security researchers at the Chaos Communication Congress hacking conference in Leipzig, Germany showed a model wax hand that they used to defeat a vein authentication system using a wax model hand.

Vein authentication typically uses a computer system to scan the shape, size and location of a person's veins in their hand. Those patterns have to be identified each time the system scans the person's hand. In order to fool that security check, the researchers took 2,500 photos of a hand using a modified SLR camera that had the infrared filter removed to better highlight veins under the skin. They then took those photos and created a wax hand with the details of the person's veins sculpted right in. That wax mock-up was enough to bypass the vein authentication system.

To be clear, the method used by the security researchers isn't one that the average person could easily replicate. While the researchers said photos from as far away as five meters (about 16 feet) are good enough, snapping enough to make a reliable model would be a challenge without lots of access to the hand in question. It's a more intensive cracking process than, say, fingerprint ID that could potentially be hacked simply by lifting a person's fingerprint from an object they have touched. It still presents a concern that security systems can be manipulated with cheap and readily available materials.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1 Shares
Share
Tweet
Share

Popular on Engadget

US slaps trade restrictions on China's top chipmaker

US slaps trade restrictions on China's top chipmaker

View
Windows XP source code leak sheds light on Microsoft's OS history

Windows XP source code leak sheds light on Microsoft's OS history

View
Hitting the Books: The invisible threat that every ISS astronaut fears

Hitting the Books: The invisible threat that every ISS astronaut fears

View
Recommended Reading: The new Apple Watch's blood oxygen feature

Recommended Reading: The new Apple Watch's blood oxygen feature

View
Here's everything Amazon announced at its big hardware event

Here's everything Amazon announced at its big hardware event

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr