With the continuous evolution of technology, people and organisations pay utmost importance to the authentication in order to stay from hackers radar. But whenever a new mode of security is in place, hackers are still finding a way to get around it. Biometric authentication has evolved over time from fingerprints to Face IDs and the latest addition is vein authentication. Now it appears hackers have been able to bypass even the latest (vein) system. Security researchers from Motherboard have demonstrated this at the Chaos hacking conference in Leipzig, Germany using a wax model hand. Before we dwell further let’s have a basic understanding of the vein authentication system.
How does Vein authentication system operate?
The computer system employs a scanner to scan the shape, size, and location of the person’s veins in the hand. Since each person has a unique pattern of veins, the system makes for unbreachable security. Each time the computer scans the patterns of the veins in the person’s hand. Reportedly Signals intelligence agency in Germany employs the vein authentication in its headquarters in Berlin.
How hackers breach the vein authentication system?
The security researchers took around 2500 photos of the hand using the modified SLR camera with a removed infrared filter. This in a way facilitates to have a better view of the veins in the hand. They then made a wax hand sculpted the patterns of the veins that are gathered using the photographs. The wax mock-up hand was enough to replicate and bypass the vein authentication system.
Can anyone use the method to fool vein authentication?
The method is not that easy as it sounds! According to the researchers they took the photographs of the hand from a mere 5 metres (16 feet). But it is quite difficult to get access to the hand in question to click that many numbers of photographs. Also, unlike a fingerprint ID, which can easily be replicated by capturing the fingerprints on an object, it is difficult to access the person’s vein patterns. But whatever may be the case, it still offers enough insights and shows that even the stringent authentication systems can be compromised with the easily available materials.