Biometric security hacking is a reality today

Since its advent in the late 1980s, vein matching has been pegged as a potentially revolutionary biometric security technology. Primarily because it was thought that as opposed to fingerprint authentication, it was extremely difficult, if not impossible, to replicate the unique layout of a person’s vascular system.

In fact, the technology’s perceived indomitability led to being used in the headquarters of the German Federal Intelligence Service. But as it turns out, vein matching can be subverted by something as simple as a wax hand.

Vein Matching’s Waxy Weakness

On Dec. 27, security researchers Jan Krissler and Julian Albrecht gave a rather shocking presentation at this year’s Chaos Communication Congress hacking conference in Leipzig, Germany. In it, the pair detailed how they used an SLR camera with a disabled infrared sensor to take subdermal photos of the human hand.


With those photos, the duo was able to create a wax model of a hand that included detailed vascular features. Though incredibly crude in design, the wax sculpture successfully convinced a vein matching scanner that it was a real hand.

Krissler and Albrecht also noted that they sent their findings to representatives at leading vein authentication device manufacturers Hitachi and Fujitsu, but received little feedback.

Problems with Biometric Authentication

While vein matching is the latest type of biometric security to be spoofed, it’s not the only one. Last month, a prominent Chinese businesswoman was erroneously identified as a criminal because a facial recognition program mistook a poster for the real woman.

The same month, the Chinese government began deploying “gait recognition” technology that is unable to perform real-time on live video.

Biometrics’ status as a holistic security solution is also being threatened by pro-privacy developers. In September, an Israeli startup called D-ID unveiled a new program that has the ability to fool facial recognition algorithms. And D-ID confirmed that if the demand is there, they will make their software available to the public.

The Future of the Security Industry Isn’t So Secure

Despite tech problems and privacy concerns, the security industry is still all in on biometrics. In addition to China using biometric solutions to bolster its domestic surveillance efforts, the Transportation Security Administration recently announced plans to use biometric-based security to make American travelers safer.

Moreover, biometrics is increasingly becoming integrated into public event security. Earlier this month, it was revealed that pop star Taylor Swift used facial recognition software to identify known stalkers at a recent concert. And Ticketmaster has made a significant investment in a biometrics firm in hopes of using facial recognition tech for expedited turnstile check-ins.

Hopefully, all the interest and money being poured into biometric security will lead to various solutions being optimized before going fully mainstream. Because right now, the future of the security industry feels unsettlingly insecure.

Facebook Comments