Devices and security systems are increasingly using biometric authentication to let users in and keep hackers out, be that fingerprint sensors or perhaps the iPhone's FaceID. Another method is so-called "vein authentication", which, as the name implies, involves a computer scanning the shape, size, and position of a users' veins under the skin of their hand.
But hackers have found a workaround for that, too. On Thursday at the annual Chaos Communication Congress hacking conference in Leipzig, Germany, security researchers described how they created a fake hand out of wax to fool a vein sensor.
"It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it," Jan Krissler, who goes by the handle starbug, and who researched the vein authentication system along with Julian Albrecht, told Motherboard over email in German.
(Score: 5, Interesting) by esperto123 on Monday December 31 2018, @02:34PM (2 children)
Again, biometrics is user IDENTIFICATION, if you are using it as a password (or passphrase or whatever), you are bound to have problems.
user identification is something you don't need to change, generaly it is disirable that it cannot be changed, ever, and a password, that you test against the identification, must be able to change, specially if you have a suspition that it has been compromised. Using something a user cannot change as the challenge is idiotic, because once compromised, there is nothing you can do.
My bank uses finger print to replace most tasks that required a password, they probably did the math and realised that having clients with easy passwords costs more than the instancies were a finger print is compromised, but when someone finds a way to very easly clone a large number of clients finger prints and steal a huge amount of money, banks and other institutions will continue with this trend.
(Score: 2) by fyngyrz on Monday December 31 2018, @05:35PM (1 child)
And as the story teaches us once again, it isn't reliable.
FTFY
--
I had the house child-proofed. But they must
have done it wrong. Kids still get in somehow.
(Score: 0) by Anonymous Coward on Monday December 31 2018, @08:01PM
I think the lesson in the story is that they only work under controlled circumstances.
Bank teller has to verify that the client is not waving a 3d printed fake at the scanner.
Also check that the client does not have printed finger tip replacements.
Without that they are a joke.
So where are they not a joke?