Hackers Deploy Fake Wax Hand To Bypass Vein Authentication Security

Vein authentication is a biometric security technique which utilizes hand veins scanning. However, according to Motherboard, this method has been bypassed. With a fake hand which is made of wax, Jan Krissler and Julian Albrecht carried out a demonstration on how they can get through Fujitsu and Hitachi scanners, which as stated by the manufacturers, cover about 90 percent of the vein authenticating market. Krissler and Albrecht performed this method at the yearly Chaos Communication Congress in Germany.

Fingerprints usually leave imprints on the surfaces after coming in contact with them, whereas vein patterns don’t. Therefore, veins are seen as a much more secure authentication method. However, this did not pose as a challenge for researchers as they could copy the vein layout of their target just from a photo from an SLR camera. The photo was then modified so its infrared filter was removed.

Even though it took only one single photograph and 15 minutes of construction, to carry out a successful demonstration, it required 30 days and more than 2,500 test images. The demonstration also did not go as plan as researchers needed to place one of the scanners under the table to stop the interference of the hall’s lights. Nonetheless, now that the technique has proved to be successful, researchers will probably base on it to develop a more reliable and efficient process.

There are not any smartphones on the market that feature vein authentication yet. This kind of authentication is used more in buildings’ access control like at the signals intelligence agency in Germany. In a statement to Heise Online, a spokesperson from Fujitsu dismissed the hack and claimed that only under lab conditions, did researchers succeed in bypassing the vein authentication. This person also mentioned that it would not work in real life situations.

This is not Krissler’s, also known as Starbug, first time bypassing an important biometric security tech. In 2013, he also succeeded in bypassing Touch ID feature of Apple in just 24 hours after it is launched in Germany. In 2014, he was capable of building a fingerprint model of the German defense minister. By utilizing a contact lens and an infrared image, he’s also shown iris scanning technology vulnerabilities.