$10k challenge to breach crypto wallet secured with biometric liveness detection
ITBiometrics is offering a $10,000 prize to the hacker that can breach the ITBx, its “ultra-secure, cold hardware fingerprint wallet” with biometric liveness detection, the company announced.
The company plans to release the first cryptocurrency wallet prototypes in the upcoming weeks. According to the company’s website, the product delivers high-level security due to a biometric fingerprint reader that can detect liveness by reading the user’s pulse.
ITBiometrics claims its innovative biometric fingerprint recognition technology prevents fingerprint spoofing. In a video demonstration two years ago, Andy Finch, ITBiometrics’ CEO, hacked an iPhone with a Gummy Bear to show how easy it is to copy a fingerprint to unlock an iPhone.
Finch made an imprint of his thumb on gelatin material found in gummy bears and an imprint on a silicone mold to capture it and ensure high fingerprint quality. The piece of gelatin instantly unlocked the phone, but not ITBiometrics’s reader with liveness sensing capabilities.
A hack of the ultrasonic fingerprint sensor in Samsung’s Galaxy S10 smartphone likewise indicate the system does not include liveness detection.
The ITBx Fingerprint Crypto Wallet also incorporates multi-signature authentication, open-source storage, and ephemeral key wrapping—features that will give hackers an even harder time, the company argues.
The contest invites both professionals and amateurs to try and breach the system to ultimately confirm the opportunities biometric security provides for cryptocurrency wallets. The individual who can hack the wallet will have to share the method used, and allow the company to use her or his name in testimonials and PR campaigns.
At this year’s Def Con virtual hacking conference, security researcher Yamila Levalle from Dreamlab Technologies explained how she went around the biometric authentication feature in multiple fingerprint readers simply by using a low-cost 3D printer. Last year at the GeekPwn conference a team from Tencent’s X-Lab demonstrated a low-cost method of spoofing the fingerprint sensors of smartphones with stolen latent prints.