An established form of biometric security has a potential security vulnerability after researchers were able to crack it using a false hand made out of wax.

The low-tech wax hand hack was used to crack vein authentication scanners made by both Hitachi and Fujitsu, which are said to be used by 95 percent of the vein authentication market.

Vein authentication has been around for a number of years now, and is considered by some experts to be a more secure biometric system than fingerprints, which can be left behind on certain surfaces, lifted off and used maliciously.

Vein authentication

Typically, vein authentication scanners use a person’s finger or hand vein pattern. Vein patterns are said to be highly unique, with only a one in 34 billion chance that two people share the same vein pattern.

But now researchers think they have found a way to crack the tech, thanks to the use of a wax hand.

According to Motherboard, Jan Krissler and Julian Albrecht demonstrated how they were able to bypass scanners made by both Hitachi and Fujitsu with their fake hand. The method was demonstrated at the annual Chaos Communication Congress in Germany.

“It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it,” Jan Krissler told Motherboard via email.

Essentially, the researchers were able to copy their target’s vein layout from a photograph taken with an SLR camera modified to remove its infrared filter.

“It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” Krissler reportedly said.

The two researchers apparently took over 2,500 pictures over 30 days in order to perfect the process and find an image that worked.

They then used that image to make a wax model of their hands which included the vein detail.

“When we first spoofed the system, I was quite surprised that it was so easy,” Krissler reportedly said.

The researchers acted responsibly and disclosed the details of their research to Hitachi, but it seems that Fujitsu did not reply to them.

Biometric arrival

Biometric security has been in use for a while now, especially in financial circles.

In 2015, for example, Barclays launched a new high-end banking service called iPortal that acts as a central hub for corporate customers to access all of the bank’s services through a single gateway, with entry gained by using Barclays’ Biometric Reader tool.

Prior to that, in 2014, a Polish banking services provider (ITCard) began rolling out Europe’s first cash dispensing machines to use vein pattern recognition to identify clients, using a Hitachi technology called VeinID.


Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe
