Right now when it comes to biometric security, the most popular option available out there is still fingerprint. However in recent times we’re also see interest in facial recognition, thanks largely to Apple’s success with Face ID. Then there is also iris scanning which Samsung uses, and to a much lesser extent, vein scanning.
Now the idea of vein scanning is that because it has a wider surface area compared a finger, the advantage it supposedly has is that it will allow for more points of authentication. Also because unlike fingerprints which can be lifted, it’s harder for someone to figure out how your veins are positioned underneath your skin. Unfortunately it seems that hackers have since managed to find a way around it, which was revealed at the annual Chaos Communication Congress hacking conference in Leipzig, Germany.
It seems that at the conference, security researchers managed to fool a vein-based authentication system by creating a fake hand out of wax along with replicated vein patterns. This was done by taking a photo of the vein patterns of the researchers with the infrared filter removed, thus allowing them to see the patterns of the veins under the skin.
Granted it took about 2,500 photos and over 30 days to perfect the process, but the fact is that the photo could be easily taken from a distance of 5 meters, meaning that you wouldn’t necessarily be able to tell if someone was trying to photograph your veins for such a purpose. In an email conversation with Motherboard, one of the researchers Jan Krissler (who worked on the system alongside Julian Albrecht) said, “It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it.”