Vein Authentication (Vein Authentication) is defeated by a fake hand

Security researchers have revealed a new piece of information at the Chaos Communication Congress (Chaos Communication Congress) that hackers can penetrate static-based authentication by creating a fake hand.

Security devices and systems are tending to use biometric-based authentication such as fingerprint, iris, face detection . to allow users to access and prevent Intrusion of hackers instead of passwords as traditional.Recently, there is another method called venous authentication, which, as its name implies, will use a computer to scan the shape, size and position of the subcutaneous venous system. User's hand.But is this advanced biometric authentication method the most optimal security solution today?

Vein Authentication (Vein Authentication) is defeated by a fake hand Picture 1

1. Hacker purged two-factor security just by automated phishing attacks

Vein authentication works based on systems that compare the user's vein location with the stored copy.According to a recent report from German news agency DPA, BND signaling agency, Germany used vein authentication as a security option in its new headquarters in Berlin.

An attractive feature of a vein authentication system compared to traditional fingerprint scanning systems is that an attacker will often be unable to obtain information about the position and vein structure of others because of simplicity. The circuit lies beneath the skin layer, instead of lying 'open-air' and easily stolen as fingerprints.

However, it is sad that a recent test has shown that your venous structure can still be stolen normally.Two German security experts Jan Krissler and Julian Albrecht defeated vein security by capturing samples of their vein structures.Specifically, they used a converted DSLR camera with an infrared filter, allowing them to see patterns of veins under the skin.In total, the couple had to take 2,500 photos and over 30 days to complete the process to find the most accurate image.

Vein Authentication (Vein Authentication) is defeated by a fake hand Picture 2

1. Can the phone be unlocked by the fingerprint of the dead?

Later, the two experts used this image to create a wax pattern of the hand that included all the exact details of the vein structure.'So we were able to create a 1: 1 copy of our own vein structure and use it to fool the vein authentication security system.At first I was quite surprised because it was so easy, 'said Krissler.

Researchers have revealed details of their test to Fujitsu and Hitachi corporations.According to Jan Krissler, he presented his research to Hitachi and Fujitsu employees - these two companies are at the forefront of designing and manufacturing vein authentication systems for feedback.Currently Fujitsu and Hitachi have not yet made any comments.

Jan Krissler and Julian Albrecht only spent about a month doing this research.This suggests that puncture the vein authentication system takes time but is not difficult to implement, especially when the thieves are backed by great forces.

Vein Authentication (Vein Authentication) is defeated by a fake hand Picture 3

1. Fake fingerprints of AI are able to unlock the security of current smartphones

'Biometric security is always an arms race.Manufacturers constantly improve their systems, hackers appear and break that system, manufacturers find ways to patch, this is an endless cycle, "said Jan Krissler.

See more:

1. The corner of getting rich: A company hung a $ 1 million prize for anyone who hacked WhatsApp and iMessage
2. Warning: New extortion code GandCrab is attacking Vietnamese Internet users
3. Quora's question and answer page was attacked, causing 100 million users to leak personal information
4. Vulnerabilities in Android allow malware to read device information even without permission