Experts in the field of computer security, spoke about how hackers can easily circumvent the authorization system based on scanning and analysis of the subcutaneous blood vessels. How this is done, the researchers of biometric authentication systems shared at the annual meeting of the Chaos Communication Congress, traditionally held from 27 th to 29 th December and gathered around themselves experts in computer hacking from around the world.
In Recent years, devices and security systems increasingly rely on so-called biometric methods of authentication, when access to computer systems use software and hardware to scan the unique physiological characteristics of the person. Examples of such systems can serve the same fingerprint scanner, FaceID or technology that is used in the iPhone to grant access to the device on the user's face features. One of the most modern and sophisticated methods of biometric security is the so-called identification vein patterns of the palm, which, as the name implies, scans the size, shape and arrangement of subcutaneous blood vessels in the hand of the user. But as it turned out, the hackers were able to bypass it.the
Held this week in Germany annual world Congress of hackers researchers of digital security told how they managed to create a wax-up the artificial hand and fool with it a system scan of subcutaneous blood vessels.
"the Irony is that such an authorization method is positioned as upscale and advanced security system. But you only need to slightly modify a normal camera, use some pretty cheap materials, and then without problems to hack it", — says Ian Kessler, better known in hacker circles under the pseudonym "starbug", who, along with another expert on hacking computer systems, Julian Albrecht, conducted a study of the identification method according to the pattern of the blood vessels.
Identification Method based on the map of blood vessels uses algorithms to compare the pattern of veins on the hand of the user contained in a database of reference information about this man. According to the latest German media reports, such a system is used, for example, in the new Berlin office of the Federal intelligence service of Germany.
a Couple of the slides that were shown by Chrisleroy during his presentation
One of the features of the authorization system based on the method of scanning of subcutaneous blood vessels, which distinguish it from the method, shall we say, more traditional system of fingerprint scanning is that the hacker is more difficult to calculate structural features map of the blood vessels of the user beneath the skin. If we are talking about fingerprints, get them a duplicate much easier. For example, the sample print can be obtained from the traces left on objects they touched people, either through high-quality photos of fingers.
Krissler and Albrecht created your simulator the palm on the basis of photographs of their own hands. To receive the sample card blood vessels they used a conventional SLR camera with removed the infrared filter.
"enough pictures of palms taken from a distance of about 5 meters. To create less suspicion from the victim such images can be easily obtained, for example, at a press conference the man" — explains Kessler.
A total of 30 days research Krissler and Albrecht received more than 2,500 photographs of hands, taking in the end the most successful options for maximum efficiency. After that hackers were cast from wax models of hands, and then struck to the surface map of the blood vessels.
"When we first lied to the authorization system, I was very surprised how it is easy" — adds Crisler.
The Conclusions of their work, Kessler and Albrecht shared with companies and Hitachi. According to Krissler, Hitachi is very interested in research and even sent its employees to discuss its details. Fujitsu, in turn, has not responded to the message, and queries.
It Should be understood that, Krissler and Albrecht was engaged in this study only about a month. Thus, if sufficient funding and resources probable enemy could repeat the results of these studies by transferring them to the new scale. Fear adds to the fact that objects that are protected by such safety systems typically include large multinational corporations, and government including military organizations that can be of great interest on the part of States opponents.
"Biometrics is an ongoing arms race. Manufacturers are trying constantly to improve their security, but hackers always go back and try the systems to break," — total, Krissler.
By Subscribing , you will be aware of the most interesting events from the world of science and technology.
the existence Of ultrasound has long been known. For decades, technology has helped submarines to navigate in space, and that the doctors can see patients without surgical intervention. In modern ultrasound machines have capacity limitations, but res...
We live in a time when no one can be completely sure that he wasn't followed. Proof of this can be a scandal of 2018, when the users of the service to rent apartment found in a hired room hidden camera. This implies that spyware is afraid of not only...
the Owner of factories, Newspapers, steamships, seems to want not only to settle people on the moon and Mars and to address the global energy crisis, but also to cope with a headache the entire world of logistics – the problem of traffic. Founder and...
Perhaps you've seen "Inner space", a Comedy sci-Fi movie of the 80s about microscopic manned capsule entered in person? Despite the fact that we are still far from the creation of submarines, floating in the human body, technical ...
Chinese school already, track the location of your children through chip is equipped with a "smart form". Each set of clothes — for two chips, which are located on the shoulders. They let you know when the student comes to ...
When we think of wisdom come to mind the ancient philosophers, mystics or spiritual leaders. Wisdom is somehow associated with the past. However, some thought leaders suggest us to reconsider the wisdom in the context of technolog...