Iris Scanners Hacked At Black Hat USA 2012

Security experts at the Black Hat conference in Las Vegas have shown how it is possible to circumvent Iris scanners, believed to be one of the most secure biometric authentication methods in use today.

Iris scanners reduce an image to a string of code and store it in a database. It was previously thought that reverse-engineering the code back into an image would not be possible, but a team from a Spanish university has done it with an 80 percent success rate.

Eye spy

Iris scanners, first developed in 1987, use the unique pattern of the coloured part of the eye to identify people. They are widely used in airports, including London’s Heathrow and Gatwick, for immigration control and speeding up check-in procedures.

A team from the Universidad Autonoma de Madrid led by Javier Galbally, together with researchers from West Virginia University, has managed to produce synthetic images of the iris that can successfully pass trough the scanner.

When the device takes a picture of the eye, it reduces the image to a code which consists of about 5,000 bits of data. The code is then used for recognition and stored in a database. The researchers have proved that if an attacker manages to hack the database and steal the codes, he or she can reverse-engineer them to create images which then can be printed out to create “fake eyes”.

Iris scanning technology is considered to be one of the most dependable security solutions, much more reliable than fingerprint or voice recognition. However, when researchers tested their synthetic images against popular iris recognition system VeriEye, they managed to deceive it four out of five times, reports the BBC.

While creating a fake image of an iris from scratch is simple, it was previously thought that reconstructing one from an iris code was impossible. According to Wired, the researchers are using clever “genetic algorithms” inspired by evolution to produce natural-looking iris pictures.

Yet in the UK, some major organisations have moved away from iris recognition. In February, Iris Recognition Immigration System (IRIS) terminals were closed at Birmingham and Manchester airports, with Heathrow and Gatwick set to abandon the scheme after the London 2012 Olympics.

The IRIS programme was axed in favour of chipped ePassports and e-gates using facial recognition technology, after many users complained that instead of saving time, going though the scanner could actually take longer than regular passport control.

Can you look after your personal data online? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago