They create false images of eyes can deceive security scanner
In films like “Charlie’s Angels” and other such lenses have seen that replicate the Eye of another person to open a Security door using the biometric system to support this step. Well, it turns out that security researchers achieved something similar, but in real life.
A team from the Universidad Autonoma de Madrid managed to recreate the image of an iris good enough to fool security systems, from real irises digital codes stored in a database security. The discovery was shown at the annual black hat in Las Vegas, and raises concerns, because this is considered one of the most secure biometric methods.
The team, led by Javier Galbally, was able to print images of a synthetic iris, tested with the iris scanner VeriEye managed to cheat the system by 80% of the time.
The method used by the researchers was to use the “iris codes” stored in a database, obtained from scans of real eyes. Were also used synthetic irises created entirely with a computer, which were modified until it wedged with real images of the iris. We used a genetic algorithm to achieve this result.
Such algorithms can improve a result from several iterations of data processing. In this case, the algorithm discussed synthetic images and altered until they would produce an iris code almost identical to that produced the actual scanning of the eye.
The algorithm takes between 100 and 200 iterations to reach a result “similar enough” to try to fool the recognition system.
Iris scanners work with a “similarity score” as the scanning twice eye images do not get exactly the same, but there is a certain range of flexibility to accept the image if it is close enough. The algorithm takes advantage of this feature.
Not content to fool the machine, the researchers showed 50 pictures of real irises irises and 50 synthetic images of two groups of people: biometric experts and ordinary people. The experts were fooled only 8% of the time, while real people could not tell if it was real or fake 35% of the time on average, a fairly high rate. Anyway, even those having an average better than 80% which reached VeriEye system.
To perform such an attack, would require access to the database of iris codes of a first company. That does not mean it can not be done, the attacker could hack the database or deceive the right people to be scanned eyes.black hat, Defcon, Eye, hack, Hacker, iris, scanner, Security