March 9, 2015 -
In a recent report by Forbes, Chaos Computer Club security researcher Jan “Starbug” Krissler highlighted the vulnerabilities behind some iris-scanning technology in which criminals can use high-resolution images found in Google searches to spoof this biometric solution.
Krissler recently demonstrated a method to fool standard biometric security software by reverse-engineering a fingerprint using high-resolution photographs.
Krissler said he can apply a similar spoofing method to iris-scanning machines by using printed copies of a person’s eyes, as long as they are vivid and large enough.
In his tests in December, Krissler experimented with Panasonic’s Authenticam BM-ET200 iris recognition technology.
“We have managed to fool a commercial system with a print out down to an iris diameter of 75 pixels,” Krissler told Forbes. “I did tests with different people and can say that an iris image with a diameter down to 75 pixel worked on our tests.”
During the tests, he discovered the print out resolution had to be 1200 dpi and at least 75 percent of the iris had to be visible.
And unlike the fingerprint attack where he needed to create a proper clone, the only thing he required for his iris recognition hacks was the print out, said Krissler.