Forget bank robbers and kidnappers, it is the hackers we should be more scared of. Two hackers managed to trick a vein scanning system simply by using a wax hand. Vein authentication systems use a computer to scan and verify a user’s veins by studying their shape, size, and position underneath the skin of a hand, and this is the system that these hackers managed to fool.
While imprints of fingerprints can often be left behind on surfaces just by touching them, vein patterns cannot, and, as a result, are considered to be much more secure. However, security researchers Jan Krissler and Julian Albrecht found the sensors could actually be tricked by nothing more than a fake hand made out of wax. Clever hackers.
Krissler and Albrecht presented their research at Germany’s Chaos Communication Congress earlier this month. Using the wax hand, the pair of tricksters were able to bypass scanners manufactured by Hitachi and Fujitsu. According to The Verge, these brands make up about 95% of the systems used in the vein authentication market.
We don’t see much of vein authentication in our daily lives, as it isn’t currently used in any mainstream smartphones; it is more commonly used to control access to buildings, such as those of Germany’s signals intelligence agency.
The hackers copied another person’s vein patterns by taking a photograph with an SLR camera that had its infrared filter removed. Taking out the infrared filter allowed them to see the person’s vein layout. They were then able to build a wax model of the person’s hands that included their veins.
Although constructing the wax hand only required a single photograph and a construction time of 15 minutes, it took 30 days and 2,500 test photos to get to this point. Even their demonstration did not go to plan, as the researchers had to put one of the scanners underneath a table to stop the hall’s lights from interfering with the hack. Despite this, the method has now been proven to work, allowing other researchers to build upon it to create a process that’s more efficient and reliable.