Hand Made of Wax Used to Fool Vein Authentication Security

Biometric Security Workaround

Hackers have found an ingenious way to circumvent vein authentication security, through a fake wax hand.

Vein authentication is one of the latest developments when it comes to biometric security. Going beyond mere fingerprints, iris or facial recognition. As the name suggests, vein authentication uses a scan of the shape, size and location of a person’s veins inside a hand. Much like finger prints, no two people can have the same configuration. Even between twins. Which is why, in theory, it should be a formidable security tool.

How Did the Hackers Fool Vein Authentication?

The hackers who fooled the system are actually security researchers. They presented the workaround at the Chaos Communication Congress hacking conference in Leipzig, Germany recently making use of a wax hand. This is not just any wax hand however. The researchers took 2,5000 photos of a hand using a modified SLR camera with its infrared filter removed. This would allow the device to better highlight veins under the skin. The veins are sculpted right into the wax mock-up and the computer deems it real enough to approve authentication.

Obviously, this method is not nearly as easy of a workaround as it sounds. It requires a lot of work to pull off. However, this is more of a proof of concept of what is possible Furthermore, the researchers state that they can use photos taken from as far away as five meters. So even without having direct access to the person’s hand for authentication, resourceful hackers can manage to break in with cheap readily available tools.