Reverse-engineered irises look so real, they fool eye-scanners
July 26, 2012
Remember that scene in Minority Report when the spider robots stalk Tom Cruise to his apartment and scan his iris to identify him?
Things could have turned out so much better for Cruise had he been wearing a pair of contact lenses embossed with an image of someone else’s iris.
New research by the Biometric Recognition Group-ATVS at the Universidad Autonoma de Madrid and researchers at West Virginia University, being released this week at the Black Hat security conference, may make that possible.
The academics have found a way to recreate iris images that match digital iris codes that are stored in databases and used by iris-recognition systems to identify people, Wired Threat Level reports.
The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems.
The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people.
The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.

Comments (7)
by Conrad Green
Yeah, the current iris scan, I assume, scans a fixed image, which is why it is hackable. Then they’ll look for unique fluctuation, which then someone will create a holographic gif pattern coded program on a liquid crystal contact to chameleon long enough to hack. Then they will fix it to scan organic DNA coded eye fluctuations that match the person in real time, but then I assume someone will have recorded the real time sequence of a person’s eye and made an artificial eye simulation program that consists of an organic diagram of an eye and their DNA traits to simulate living and real time movements. Point is… nothing is ever foolproof.
by Bri
The arms race is never ending. Strange game, the only way to win is to not play.
by Chrispium
That’s actually the extinction strategy.
by Don
Major fail here for the iris scanner solution manufacturers. In secure systems, the password is never stored, only a non-reversible hash of the password (which makes it a “one-way” process or function. It is extremely difficult to reproduce a password from a strong hash.) Iris scanners should never be storing digital iris codes in such a way that there is a way to reverse the process. Sounds like the manufacturers were focused on the scanning process/technology, and fumbled on the security/storage mechanism, resulting in a “two-way” process. Good news is that this situation is like when websites were storing actual passwords in plain text… that was mostly fixed in just a few years.
by Deavman
FFFFFFFF–K !
by Daniel
How terrifying that terrorists could use this to defeat border checks and get into countries and blow people up. Oh, they wouldn’t use hand held guns so I guess that isn’t terrifying but part of the natural order. No worry here.
by SWP
Good thing this was never widely adopted, huh? Unhackable my arse… everything is hackable.