Reverse-engineered irises created to fool eye-scanners

July 30, 2012

Scientists are now experimenting with technologies to deceive biometric security.

Academics have created reverse-engineered irises that are able to fool eye-scanners. This new research was released at Black Hat security conferences in Spain and the United States.

For the first time, the academics are able to produce images that closely match the eye images of real subjects. These images can trick iris-recognition systems by matching the digital iris codes stored in databases used to identify people. This could allow a person to gain entry at border crossings and secure facilities that use biometric security solutions.

Javier Galbally, with colleagues at the Biometric Recognition Group-ATVS, at the Universidad Autonoma de Madrid, and researchers at West Virginia University conducted the research. He said: “The idea is to generate the iris image, and once you have the image you can actually print it and show it to the recognition system, and it will say ‘okay, this is the right guy.’”

Irises are scanned to create iris codes, the binary representation of the image. The iris code, which consists of about 5,000 bits of data, is stored in a database for matching.

Using a genetic algorithm, the researchers took between 100 and 200 iterations to achieve an iris image that is “sufficiently similar” to the one they are trying to reproduce.

Galbally said: “At each iteration it uses the synthetic images of the previous iteration to produce a new set of synthetic iris images that have an iris code which is more similar (than the synthetic images of the previous iteration) to the iris code being reconstructed.”

Furthermore, he said that it takes about five to 10 minutes to produce an iris image that matches an iris code. His team tested the scanned images against a commercial iris recognition system, VeriEye, made by Neurotechnology, and were able to trick the system.

The study assumes that it is possible to hack into a database containing iris codes, such as the one that B12 Technologies maintains for the FBI by tricking someone into having their iris scanned.

But B12 Technologies stated on their Web site that they employ biometric templates that “cannot be reconstructed, decrypted, reverse-engineered or otherwise manipulated to reveal a person’s identity. In short, biometrics can be thought of as a very secure key: Unless a biometric gate is unlocked by using the right key, no one can gain access to a person’s identity.”

Do you believe that more scientists should be attempting to test biometric security systems?


About T'ash Spencer

T’ash Spencer writes full time for She has 15 years of experience in the field of regional planning and earned her Master’s of Science in Regional Development Planning and Management from the University of Dortmund, Germany. Follow her @tashspencer1.