Chaos Communication Congress witnessed a demonstration where security researchers exhibited how a fake hand could be used to easily bypass vein authentication.
Employing bio-metrics and face recognition to safeguard users and avert cyber-cons has now become a common practice.
Another such stratagem is “Vein Authentication”, where the size, shape and position of the users’ veins under their hand’s skin are scanned by the computer.
The vein authentication approach, tries to compare the veins underneath the skin currently being scanned to those already on the record.
This method of authentication, too, unfortunately has a loophole. Security researchers at the annual Chaos Communication Congress in Germany elucidated on the same.
A fake hand of wax was fabricated by the aforementioned team of security researchers to deceive the vein sensing security system.
Quite astonishingly, the vein sensing technique which is deliberated to be a high-security system is pretty easy to hack into, by modifying the camera and using tacky stuff.
Fingerprint sensors had gotten quite main-stream and hence vein authentication evolved as a relief.
Given the fact, that fingerprints could be gathered quite conveniently form a formerly held object but contemplating the position of a person’s veins under their skin is tough.
The previously cited security researchers initially captured their vein structures into a photograph by using a converted SLR camera after getting rid of its infrared filter which enabled them to see their vein patterns.
Now, cameras of such kind could easily be used form a distance of 5 meters to capture pictures and hence vein patterns, especially at events like, press conferences.
The security researchers’ pair considered over 2500 pictures to take the process of studying vein structures to absolution and identify the best image that would work.
Later on, with the help of that very picture, a wax hand was fabricated including the same vein design.
Famous companies like Hitachi and Fujitsu were informed as to this research but failed to comment on the issue.
It took the clever researchers only around a month to get the wax hand ready which could easily be replicated to satiate the rising temptation for cyber-crime.