An established form of biometric security has a potential security vulnerability after researchers were able to crack it using a false hand made out of wax.

The low-tech wax hand hack was used to crack vein authentication scanners made by both Hitachi and Fujitsu, which are said to be used by 95 percent of the vein authentication market.

Vein authentication has been around for a number of years now, and is considered by some experts as a more secure biometric system than fingerprints, which can be left behind on certain surfaces and lifted off and used maliciously.

Vein authentication

Typically, vein authentication scanners use a person’s finger or hand vein pattern. Vein patterns are said to be highly unique, with only a one in 34 billion chance that two people share the same vein pattern.

But now researchers think they have found a way to crack the tech, thanks to the use of a wax hand.

According to Motherboard, Jan Krissler and Julian Albrecht demonstrated how they were able to bypass scanners made by both Hitachi and Fujitsu, with their fake hand. The method was demonstrated at the annual Chaos Communication Congress in Germany.

“It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it,” Jan Krissler told Motherboard via email.

Essentially, the researchers were able to copy their target’s vein layout from a photograph taken with an SLR camera modified to remove its infrared filter.

“It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” Krissler reportedly said.

The two researchers apparently took over 2,500 pictures over 30 days in order to perfect the process and find an image that worked.

They then used that image to make a wax model of their hands which included the vein detail.

“When we first spoofed the system, I was quite surprised that it was so easy,” Krissler reportedly said.

The researchers acted responsibly and disclosed the details of their research to Hitachi, but it seems that Fujitsu did not reply back to them.

Biometric arrival

Biometric security has been in used for a while now, especially in financial circles.

In 2015 for example Barclays launched a new high-end banking service called iPortal, that acts as a central hub for corporate customers to access all of the bank’s services through a single gateway, with entry gained by using Barclays’ Biometric Reader tool.

Prior to that in 2014, a Polish banking services provider (ITCard) began rolling out Europe’s first cash dispensing machines to use vein pattern recognition to identify clients, using a Hitachi technology called VeinID.

Do you know all about biometric technology? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

WhatsApp, Facebook Messenger To Integrate Chats – Report

Chat integration? Facebook is reportedly working to allow WhatsApp users to chat with Facebook Messenger…

9 hours ago

Apple Irish Back Tax Ruling Expected Next Week

Ruling in appeal against European Commission's order that Apple pay the Irish government $16 billion…

10 hours ago

Facebook Boycott Organisers Disappointed With Zuckerberg Meeting

No concessions. Organisers of the advertising boycott of Facebook left disappointed after meeting CEO Mark…

13 hours ago

Google Project Loon Finally Approved For Kenya Deployment

Two years after deal was first signed, Project Loon is approved by Kenyan government for…

14 hours ago

Tech Firms Withhold Data Sharing With Hong Kong

Tech giants pledge pause data sharing with authorities in Hong Kong, after China imposed draconian…

15 hours ago

Government ‘Planning Removal’ Of Huawei 5G Equipment

Government said to be considering dramatic reversal of earlier 5G plans on new security advice…

3 days ago