Security researchers worked out a study at the Chaos Communication Congress to show how hackers can pass vein-based authentication.
Devices and security systems recognize users biometrics with fingerprint sensors or FaceIDs to keep them away from hackers. Another method is vein authentication, which includes a computer that scans the shape, size, and position of the user’s veins.
However, hackers also found a temporary solution for vein authentication. At the annual hacker conference of the Chaos Communication Congress, organized in Leipzig, Germany, security researchers announced that they created a fake hand out of wax to fool a vein sensor.
Vein authentication works with systems that compare a user’s placement of veins under their skin compared to a copy on record.
The reason why the vein-based system is preferred instead of the traditional fingerprint system by hackers:
Is it easy for a victim to copy the position of the veins under his or her hand, or is it easy to learn from a high-quality photograph or a held-on fingerprint?
But with that said, Krissler and Albrecht first took photos of their vein patterns. They used a converted SLR camera with the infrared filter removed; this allowed them to see the pattern of the veins under the skin.
“It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” Krissler explained. In all, the pair took over 2,500 pictures to over 30 days to perfect the process and find an image that worked.
Then he used these images to make a wax containing the vein details. “When I tried the system for the first time, I was surprised that it was so easy,” Kr Krissler said.