A pair of security researchers demonstrated a spoofing method for palm vein authentication at last month’s Chaos Communication Congress in Leipzig, Motherboard reports.
The method involved the use of an SLR camera with its infrared filter removed, allowing the researchers, Jan Krissler and Julian Albrecht, to image their own vein patterns. Having taken 2,500 images over the course of a month, the researchers honed in on one particular image, and used it to make wax models of their hands that featured fabricated versions of the same vein patterns.
Vein detection is often touted as a powerful anti-spoofing measure, since it theoretically requires a live individual; additionally, vascular patterns cannot be detected by the naked eye and require specialized, if not expensive, imaging technology. With respect to the latter issue, Krissler told Motherboard via email, “It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” suggesting vein patterns can be surreptitiously captured without much difficulty.
While the spoofing method is unlikely to affect many everyday consumers, partly due to its complexity but also because palm vein authentication is relatively uncommon in consumer-facing contexts, an adversary with sufficient resources and time could use it to breach the more sensitive settings in which palm vein authentication tends to be deployed.
Source: Motherboard
–
January 4, 2019 – by Alex Perala
Related News
Biometrics Can Make Summer Concerts a Breeze: BioSec
Korean Air Introduces Palm Boarding for Domestic Flights
BioSec Pitches GateKeeper for Gated Communities
Researchers Claim Their ‘Master Faces’ Can Fool Facial Recognition Systems. Are They Right?
BioSec’s LifePass Achieves Biometric Platform Status
SUNY Buffalo Pioneers 3D Finger Vein Biometric Authentication Technique
Follow Us