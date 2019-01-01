Email
article imageHackers crack vein authentication security

By Tim Sandle     55 mins ago in Technology
Hackers have constricted a fake hand out of wax and used this to show the weaknesses in vein authentication software. The software, which scans the vein patterns in hands and compares them to stored images, is not as robust as security experts thought.
The report on the by-passing of the authentication software has been reported by Motherboard. In a test case, hackers used a fake hand constructed from wax. The hand was designed and built by Jan Krissler and Julian Albrecht. Using the wax hand the two were able too overcome authentication scanners bypass scanners designed by both Hitachi and Fujitsu. These types of scanners represent about 95 percent of the vein authentication market.
The bypassing of the security systems was undertaken in order to highlight vulnerabilities, with a demonstration held at Germany’s annual Chaos Communication Congress. The event, which runs from December 27 to December 30, took place at Leipzig, and it has a ficus on security, cryptography, privacy and online freedom of speech. The 2018 theme was 'Refreshing Memories'.
Vein authentication is a biometric security method which scans the veins in your hand. Hitachi was the first to develop and patented a finger vein identification system.The technology is currently in use for a wide variety of applications, such as credit card authentication, automobile security, employee time and attendance tracking; plus, computer and network authentication, end point security and automated teller machines. Close to home, in terms of where the hacking experiment took place, Germany’s signals intelligence agency (BND) uses the technology within its Berlin headquarters.
With the hack, constructing the wax hand eventually only required a single photograph and a construction time of 15 minutes (although the lead up develop,met work took considerably longer), according to The Verge. With the photograph, the hackers took the image using an SLR camera that had its infrared filter removed. By disabling the infrared filter, they were able to see the person's vein layout.
