Hackers bypass vein based authentication by using the wax hand model

At the Chaos Communication Congress hacking conference in Germany, security researchers successfully deceived the vein authentication system through a wax hand model. However, this “breaking” is not easy. The principle of vein authentication is that according to the blood flowing in the human finger, the light of a specific wavelength can be absorbed, and the finger is irradiated with a specific wavelength of light to obtain a clear image of the finger vein.

Image: Krissler, Albrecht

Using this inherent scientific feature, the acquired image will be analyzed and processed to obtain the biometric characteristics of the finger vein, and the obtained finger vein feature information will be compared with the previously registered finger vein feature to confirm the identity of a registrant.

The researchers used a modified, infrared-filtered SLR camera to take 2,500 hand photos. These photos highlight the veins under the skin, and the researchers then made a wax hand engraved with details of the human vein, which eventually deceived the vein authentication system. “It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” Krissler explained.

Via: motherboard