Hackers defeat vein authentication by making a fake hand

Security researchers used 2,500 pictures of a hand to create an exact model out of wax.

Biometric security has moved beyond just fingerprints and face recognition to vein-based authentication. Unfortunately, hackers have already figured out a way to crack that, too. According to Motherboard, security researchers at the Chaos Communication Congress hacking conference in Leipzig, Germany showed a model wax hand that they used to defeat a vein authentication system using a wax model hand.

Vein authentication typically uses a computer system to scan the shape, size and location of a person's veins in their hand. Those patterns have to be identified each time the system scans the person's hand. In order to fool that security check, the researchers took 2,500 photos of a hand using a modified SLR camera that had the infrared filter removed to better highlight veins under the skin. They then took those photos and created a wax hand with the details of the person's veins sculpted right in. That wax mock-up was enough to bypass the vein authentication system.

To be clear, the method used by the security researchers isn't one that the average person could easily replicate. While the researchers said photos from as far away as five meters (about 16 feet) are good enough, snapping enough to make a reliable model would be a challenge without lots of access to the hand in question. It's a more intensive cracking process than, say, fingerprint ID that could potentially be hacked simply by lifting a person's fingerprint from an object they have touched. It still presents a concern that security systems can be manipulated with cheap and readily available materials.