Black Hat Conference Shows How Biometric Identification Can Be Fooled and Hacked With Duplicating the Actual Iris–Some H
Posted Jul 30 2012 10:30am
This is certainly worth paying attention to, but it is no reason to panic or to conclude that every system currently using this kind of identification is a failure. It is more or less a new warning for the companies that manufacture such authentication systems to take another look around and go the next step to hopefully further secure this method of identification. Each year the Black Hat and Defcon conferences are held back to back in Las Vegas, and hackers and others demonstrate vulnerabilities. These conferences have come a long way from their beginnings, when they were considered a bit of a nuisance, to now, when we had the US National Security Director in attendance trying to hire some of these folks. In addition, companies like Apple and Microsoft certainly attend, as they too are looking for knowledge and vulnerabilities found by others outside the company. Here’s an example of a clinic using the “Iris” identification method. It certainly does its job well, but again this is a warning and more work for the biometric company in the area of security.
The commercial systems look for the iris “code”, not an actual eye, so again this goes back to a statement of wisdom made by another security expert: “those who have the code rule the world”. It’s kind of scary, but if you missed this post and video on how criminals use technology, it is worth watching for awareness, not to set everyone off in a panic by any means; the dark side does exist. Again, this is how the technology works: it looks for the “code for your eye”, not your actual eye.
The dark side certainly makes it more difficult as well to catch Medicare and Medicaid fraud. So far we have not heard of any state-of-the-art techniques being used in the news, as most of the fraud in this area is just algorithms that run to beat the other algorithms in the system to make money, and so far that has worked, until they get caught of course. This is all many of the crooks do: work with code. It definitely wreaks havoc, and they are not seeing patients, only working for the money. The link below has a couple of videos, including an interview with a former hacker who did just this for years.
In essence, with code it’s not much different from the extreme intelligence used in the stock trading systems, with everyone working on one algorithm to outdo the other one, find where it’s hiding and execute code. This is what led me to write my series called “The Attack of the Killer Algorithms”, to cite some everyday examples of how this happens in real life, with not humans but rather “code” making the call, and why we need formulas that give “accurate” results versus “desired” results. The two should be the same, but they are not always; just read the financial news today. It lives amongst us, though it is hard to find and identify, as it works in the background and there’s nobody minding the shop and checking for accuracy. Quants get busted with formulas that do not give accurate information, and sometimes what gets even a bit scarier is that they themselves believe their own formulas are correct, as the code makes profit for them. When formulas are created and marketing media spins the reports that go along with the algorithms, you get a bit of a mess out there. BD
A highly secure biometric form of identity authentication was also undermined at Black Hat. Spanish researchers showed how they could create a lifelike image of the iris of a person's eye. In tests against a top commercial recognition system, the iris scanner was fooled 80 percent of the time, according to the team from Universidad Autonoma de Madrid.