Stories
Slash Boxes
Comments

SoylentNews is people

Hackers Make A Fake Hand To Beat Vein Authentication

posted by mrpg on Monday December 31 2018, @11:52AM   Printer-friendly
from the that's-handy dept.

janrinok writes:

Arthur T Knackerbracket has found the following story:

Devices and security systems are increasingly using biometric authentication to let users in and keep hackers out, be that fingerprint sensors or perhaps the iPhone's FaceID. Another method is so-called "vein authentication", which, as the name implies, involves a computer scanning the shape, size, and position of a users' veins under the skin of their hand.

But hackers have found a workaround for that, too. On Thursday at the annual Chaos Communication Congress hacking conference in Leipzig, Germany, security researchers described how they created a fake hand out of wax to fool a vein sensor.

"It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it," Jan Krissler, who goes by the handle starbug, and who researched the vein authentication system along with Julian Albrecht, told Motherboard over email in German.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Hackers Make A Fake Hand To Beat Vein Authentication | Log In/Create an Account | Top | 10 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by esperto123 on Monday December 31 2018, @02:34PM (2 children)

    by esperto123 (4303) on Monday December 31 2018, @02:34PM (#780260)

    Again, biometrics is user IDENTIFICATION, if you are using it as a password (or passphrase or whatever), you are bound to have problems.

    user identification is something you don't need to change, generaly it is disirable that it cannot be changed, ever, and a password, that you test against the identification, must be able to change, specially if you have a suspition that it has been compromised. Using something a user cannot change as the challenge is idiotic, because once compromised, there is nothing you can do.

    My bank uses finger print to replace most tasks that required a password, they probably did the math and realised that having clients with easy passwords costs more than the instancies were a finger print is compromised, but when someone finds a way to very easly clone a large number of clients finger prints and steal a huge amount of money, banks and other institutions will continue with this trend.

    Starting Score:    1  point
    Moderation   +3  
       Interesting=2, Informative=1, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 2) by fyngyrz on Monday December 31 2018, @05:35PM (1 child)

    by fyngyrz (6567) on Monday December 31 2018, @05:35PM (#780316) Journal

    Again, biometrics is user IDENTIFICATION

    And as the story teaches us once again, it isn't reliable.

    if you are using it as a password (or passphrase or whatever), you are bound to have more problems.

    FTFY

    --
    I had the house child-proofed. But they must
    have done it wrong. Kids still get in somehow.

    • (Score: 0) by Anonymous Coward on Monday December 31 2018, @08:01PM

      by Anonymous Coward on Monday December 31 2018, @08:01PM (#780369)

      I think the lesson in the story is that they only work under controlled circumstances.

      Bank teller has to verify that the client is not waving a 3d printed fake at the scanner.
      Also check that the client does not have printed finger tip replacements.

      Without that they are a joke.
      So where are they not a joke?