Researchers exploit Vein-based authentication system using a wax hand

Researchers exploit Vein-based authentication system using a wax hand

Biometric authentication is currently a widely used option for maintaining the security of devices and systems. With the emergence of vein-based authentication, biometric verification has moved beyond facial recognition and fingerprints. Vein-based authentication involves scanning of the size, shape, and location of the users’ veins under their hand’s skin to verify the person.

On paper and in theory this method seems foolproof in ensuring perfect security of the system/device. However, security researchers have found a way to deceive vein-based authentication too. 

See: Fingerprints will tell cops if you are high on cocaine

At the annual Chaos Communication Congress (CCC) Hacking Conference held on Thursday, in Leipzig, Germany, security researchers proved that they can defeat the vein-based system using a specially designed wax hand. At the conference, researchers explained  how they created the wax hand to deceive the “high-security” vein sensor system.

Researchers exploit Vein-based authentication system using a wax hand
Screenshot / Jan Krissler & Julian Albrecht

Vein sensors verify a person by comparing the placement of veins under the hand’s skin of the user to a recorded copy of the same hand. Every time the person’s hand is scanned the patterns have to match for verification purposes. It is indeed surprising that researchers could manage to defeat such a system using something made with “cheap materials,” as claimed by one of the researchers Jan Krissler aka Starbug).

To defeat the vein-based system, researchers obtained 2,500 pictures of a hand with a modified DSLR camera after removing its infrared filter. The pictures were used to create a wax hand with the exact same details of the veins of the person sculpted into it. However, researchers claim that the method isn’t easy to replicate since the process is intensive and quite tricky. Yet, it is concerning that such a reliable and seemingly flawless verification system can be exploited so easily and cheaply.

This is not the first time when researchers at Chaos Computer club have demonstrated such a feat. In 2015, Jan Krissler demonstrated how an image of the fingerprint can be converted into a real fingerprint. In his presentation, Krissler showed the images of Ursula von der Leyen’s (German Federal Minister) fingers he took in October 2014. Then he showed the image of the fingerprints he made out of the original image.

Related Posts