Biometric now turns easy for security breach

By Balamurugan Selvaraj Published on May 25, 2017 03:34 PM IST

Chennai: Biometric data has become a major authentication security system in several sectors, which includes defense, banking, etc.

Unlike other system, many people and government bodies tend to believe this technology as most trust worthy.

But literally speaking, the properties of biometric security, which includes fingerprints and iris scan are said to be the most worst authentication method.

WHY BIOMETRIC IS NOT SAFE?

Unlike other authentication methods, the advantage of biometric is that the concerned person can access the account legally. But the flaw is with the sensors. As everyone know, the sensors verify the arrived output with programmed input. If both are matched, then the user can access the account. But here after, you don't even want the concerned person to unlock the biometric.

HOW DOES IT WORK?

Few months back, Chaos Computer Club, an European hacker association found a method to fake fingerprint security. Even they successfully proved the method by faking French defense official's fingerprint just with her photographs.

The group mentioned that, they will soon release a method to fake Iris scan, but none believed them.

Now, the white hackers group successfully faked Iris security feature with a dummy eye. Here, dummy eye is not merely a new concept, it's a method developed from fingerprint spoof, which they developed earlier.

They did this to showcase the insecure drawback in Samsung pay that uses retina scan for payment authentication.

Regarding this, the group published a demonstration video to unlock Iris feature.

Step 1: With the help of 200mm lens camera from a distance of 5 meters, the actor has to take the image of person.

Step 2: Depending on the picture quality, brightness and contrast might needed to be adjusted. And then the iris picture

has to be printed on a laser printer. for best results, the group suggested Samsung printer to spoof Samsung pay.

Step 3: To emulate the curvature of a real eye's surface, a normal contact lens is placed on top of the print. Thus the dummy eye is ready to fool the biometric security.

Using the above steps, the group has successfully fooled the biometric security of Samsung pay, which has been made by the company Princeton Identity.Inc- as the group claims.

WHAT IS NEXT?

This is a big question. If you care more on security, then avoid ease accessibility. Opt for OTP and traditional security

methods, which is less vulnerable than biometric.

FUTURE CHALLENGE

Using eye movements as a security feature may help better in biometrics. Though, it's a future project, it's one of the hope for better security.