An established form of biometric security has a potential security vulnerability after researchers were able to crack it using a false hand made out of wax.

The low-tech wax hand hack was used to crack vein authentication scanners made by both Hitachi and Fujitsu, which are said to be used by 95 percent of the vein authentication market.

Vein authentication has been around for a number of years now, and is considered by some experts to be a more secure biometric system than fingerprints, which can be left behind on certain surfaces, lifted off and used maliciously.

Vein authentication

Typically, vein authentication scanners use a person’s finger or hand vein pattern. Vein patterns are said to be highly unique, with only a one in 34 billion chance that two people share the same vein pattern.

But now researchers think they have found a way to crack the tech, thanks to the use of a wax hand.

According to Motherboard, Jan Krissler and Julian Albrecht demonstrated how they were able to bypass scanners made by both Hitachi and Fujitsu with their fake hand. The method was demonstrated at the annual Chaos Communication Congress in Germany.

“It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it,” Jan Krissler told Motherboard via email.

Essentially, the researchers were able to copy their target’s vein layout from a photograph taken with an SLR camera modified to remove its infrared filter.

“It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” Krissler reportedly said.

The two researchers apparently took over 2,500 pictures over 30 days in order to perfect the process and find an image that worked.

They then used that image to make a wax model of their hands, which included the vein detail.

“When we first spoofed the system, I was quite surprised that it was so easy,” Krissler reportedly said.

The researchers acted responsibly and disclosed the details of their research to Hitachi, but it seems that Fujitsu did not reply to them.

Biometric arrival

Biometric security has been in use for a while now, especially in financial circles.

In 2015, for example, Barclays launched a new high-end banking service called iPortal, which acts as a central hub for corporate customers to access all of the bank’s services through a single gateway, with entry gained by using Barclays’ Biometric Reader tool.

Prior to that, in 2014, a Polish banking services provider (ITCard) began rolling out Europe’s first cash dispensing machines to use vein pattern recognition to identify clients, using a Hitachi technology called VeinID.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
