#BlackHat: Researchers bypass iris scanners with biometric clones

Powered by SC Magazine
 

Researchers tap templates.

View larger image View larger image View larger image

See all pictures here »

An international team of researchers has devised a method of reverse engineering code stored in biometric databases to fool iris recognition systems.

Iris recognition systems are currently deployed by corporations and law enforcement entities around the world, including at Amsterdam's Schiphol Airport and Google's data centres.

Such systems typically scan individuals' irises to produce code that is then filed in a database and used for future matching. 

Black Hat 2012 coverage

Professor Javier Galbally of the Universidad Autonoma de Madrid told the Black Hat conference last week that his team had developed a genetic algorithm to reproduce images of individuals' irises by reverse engineering the database code.

Hackers could then fool security systems by printing the image out to be scanned by the recognition system, for example, by patching the image onto a contact lens to be worn by the attacker.

Galbally said the iris provided among the most reliable forms of identification -- even better than fingerprints -- but "the main problem with the iris is the acquisition".

"Sensors are more expensive, and it's more difficult to acquire because you need more cooperation from the users," he noted.

"The commercial [iris] system only looks for the iris [code] and not an actual eye."

Galbally said there had not been any breaches reported as a result of a bypassing iris recognition systems through synthetic iris images.

"You never know if it's going to be dangerous or not, but the vulnerability is there," he said. "It's good that people are aware that these vulnerabilities exist."

Galbally's research was done in partnership with the West Virginia University in the US and the Biometric Recognition Group-ATVS.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 437

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote