Security experts at the Black Hat conference in Las Vegas have shown how it is possible to circumvent Iris scanners, believed to be one of the most secure biometric authentication methods in use today.
Iris scanners reduce an image to a string of code and store it in a database. It was previously thought that reverse-engineering the code back into an image would not be possible, but a team from a Spanish university has done it with an 80 percent success rate.
Iris scanners, first developed in 1987, use the unique pattern of the coloured part of the eye to identify people. They are widely used in airports, including London’s Heathrow and Gatwick, for immigration control and speeding up check-in procedures.
When the device takes a picture of the eye, it reduces the image to a code which consists of about 5,000 bits of data. The code is then used for recognition and stored in a database. The researchers have proved that if an attacker manages to hack the database and steal the codes, he or she can reverse-engineer them to create images which then can be printed out to create “fake eyes”.
Iris scanning technology is considered to be one of the most dependable security solutions, much more reliable than fingerprint or voice recognition. However, when researchers tested their synthetic images against popular iris recognition system VeriEye, they managed to deceive it four out of five times, reports the BBC.
While creating a fake image of an iris from scratch is simple, it was previously thought that reconstructing one from an iris code was impossible. According to Wired, the researchers are using clever “genetic algorithms” inspired by evolution to produce natural-looking iris pictures.
Yet in the UK, some major organisations have moved away from iris recognition. In February, Iris Recognition Immigration System (IRIS) terminals were closed at Birmingham and Manchester airports, with Heathrow and Gatwick set to abandon the scheme after the London 2012 Olympics.
The IRIS programme was axed in favour of chipped ePassports and e-gates using facial recognition technology, after many users complained that instead of saving time, going though the scanner could actually take longer than regular passport control.
Can you look after your personal data online? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…