Biometric security systems that rely on a person's unique identifiers, such as retina, iris, fingerprint or DNA, are still evolving to change our lives for the better, even though biometric scanning technology still raises many concerns, such as information privacy and physical privacy.
In past years, fingerprint security systems, which are widely used in applications such as smartphones and judicial systems to record users' information and verify a person's identity, were bypassed several times by various security researchers, and now the iris scanner is claimed to have been defeated.
Don't worry! It's not like how they do it in movies, where an attacker needs to pull an authorized person's eye out and hold it in front of the eye scanner. Instead, hackers have now found a simple way to bypass iris biometric security systems using images of the victims.
The same security researcher, Jan Krissler, nicknamed Starbug, from the famous Chaos Computer Club (CCC), who cloned the fingerprint of Germany's federal minister of defense using pictures of her taken with a "standard photo camera" at a news conference, has claimed that the same technique can fool iris biometric security systems.
Back in December, at the 31st Annual Chaos Computer Conference in Hamburg, Germany, Krissler explained how he used a close-up photo of Ms Ursula von der Leyen's thumb taken from different angles and created an accurate thumbprint using commercial fingerprint software from Verifinger.
Krissler then created an accurate clone of the minister's thumbprint, though he wasn't able to verify whether the clone matched the copy of von der Leyen's thumb, as he hadn't gotten her permission to carry out further tests.
However, in an upcoming talk at the Vancouver-based security conference this month, Krissler will detail how a similar thing can be done with eyes simply by using pictures gathered from the Internet.
IRIS SECURITY SCANNER HACK DEPENDS UPON:
He told Forbes that the attack depends on a number of factors, such as:
- The target's eyes had to be bright, because of the way the infrared-based system his company bought for Krissler used light.
- The image should be large and expanded.
- An image of the iris with a diameter of 75 pixels.
- The printout should have a resolution of 1200 dpi.
The major difference between the two techniques is that, unlike bypassing fingerprint biometric security systems, which requires creating a proper clone of the finger, iris recognition hacks need only the printout, the researcher claims.
"We have managed to fool a commercial system with a print out down to an iris," Krissler told Forbes. "I did tests with different people and can say that an iris image with a diameter down to 75 pixels worked on our tests. The print out had to have a resolution of 1200 dpi too, though it's easy to find printers able to hit that specification today, and ideally at least 75 per cent of the iris was visible."
So an attacker willing to carry out this kind of attack just needs a high-definition picture of the target person with lovely bright eyes, and unsurprisingly, a vast number of high-quality images of some of the most powerful personalities in the world are available on the Internet.
A simple search on Google Images can provide you with a number of attractive targets from the political world, including Russian president Vladimir Putin, Hillary Clinton and UK prime minister David Cameron.
Krissler found an election poster of Angela Merkel with an iris diameter of 175 pixels that was ideal.
Biometric security systems have been used in airports and other high-security buildings for a long time to permit access to sensitive tools and information.
Though many of these biometric security products offer great promise, hackers and criminals will not just give up their self-enriching efforts to defeat every new technology.