We’re bored by voice identification, fatigued by Face ID, and totally over fingerprint-reading technology. Here in the closing days of 2018, it’s all about unusual new biometric technologies like “vein authentication.” As its name suggests, this technology involves reading theunique pattern of veins on a person’s palmto confirm that they are who they say they are. Such technology is reportedly being increasingly used in high-security facilities around the world.
Only it might not turn out to be quite as secure as people think — at least if arecent demonstrationat the hacker-centric Chaos Communication Congress is to be believed.
This week, a small team of security researchersshowcasedhow the latest vein-reading security systems are no match for something as basic as a fake wax hand containing printed vein details.
“We showed how to use a modified DLSR [camera] to capture hand vein patterns from a distance of around 5 meters,” security researcherJan Krissler, aka Starbug, told Digital Trends. “After adjusting the contrast, we then printed the vein patterns with a standard laser printer and covered the print with a layer of bee wax to simulate human tissue. With those dummies, we were able to fool the latest systems of both major vendors of vein recognition systems, Fujitsu and Hitachi.”
As exploits go, it’s pretty ingenious — but also alarmingly straightforward. It’s not quite as easy as fooling a facial-recognition system by holding up a photograph of the person, but it’s not too far off. (Although actually getting a good photo of someone’s hand with their veins visible might be a little tough.) According to Krissler, until now the accepted wisdom was that veins are buried inside the body and were thought to be difficult to capture. Just as facial recognition has had to improve, however, it seems that vein authentication must also ramp up its efforts.
“There are ways to measure blood flow that would detect our dummy,” Krissler continued. Even then he thinks that there would be ways to fool the technology, though. It appears that there is more that needs to be done before we can rely on reading veins as a foolproof security system.
Hey, maybe one of these otheroddball biometric technologieswill have better luck.
