Reverse-engineered irises look so real, they fool eye-scanners

July 26, 2012

Synthetic iris image (credit: Javier Galbally)

Remember that scene in Minority Report when the spider robots stalk Tom Cruise to his apartment and scan his iris to identify him?

Things could have turned out so much better for Cruise had he been wearing a pair of contact lenses embossed with an image of someone else’s iris.

New research by Biometric Recognition Group-ATVS, at the Universidad Autonoma de Madrid, and researchers at West Virginia University being released this week at the Black Hat security conference by academics in Spain and the U.S. may make that possible.

The academics have found a way to recreate iris images that match digital iris codes that are stored in databases and used by iris-recognition systems to identify people, Wired Threat Level reports.

The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems.

The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people.

The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.