How do you fool biometric systems? Is it possible?

Biometrics is the recognition of personality by physical or behavioral traits. Fingerprints, retina, face shape, voice and even gait are all biometric parameters that can be used to identify an individual.

The average citizen is more likely to see biometric recognition in movies than in real life. But even in simple everyday situations, you can encounter these technologies. For example, Touch ID on iPhone – just biometric recognition.

This method of recognition is considered the most perfect, as identification is carried out by unique markers, in theory inherent only in one specific person and no one else. Password can be picked up or overheard, with the key to make a copy, but grow exactly the same finger as the right person, but with the same pattern on the pillow is not yet anyone has learned.

Like stealing a finger

However, even such recognition systems can be deceived. And we are not talking about cutting off a finger now, although such methods are now used, for example, car thieves. The fingerprint recognition sensor can be wrapped around the finger with a trite impression.

This method was demonstrated by Vkansee several years ago. The praised Apple Touch ID recognizes lines on the fingertips, but does not recognize the material. The Vkansee guys demonstrated that just like the owner’s finger, the sensor reacts to the impression. The experiment was carried out with two types of material – conventional children’s plasticine and dental silicone (used to create dental impressions). In both cases, the Touch ID did not recognize substitutions.

We agree that this is rather a proof-of-concept method, a conceptual study showing the theoretical possibility of cracking. It’s hard to imagine this in reality – except in a second-rate film where an important person is called to a kindergarten matinee and slipped some plasticine to play with children.

But what if we told you that it is not necessary to get a cast directly? Yes, you can get fingerprints without even getting close to the right person. You can even take a cast from a photo – very high quality, of course. This opportunity was well demonstrated by German hacker Jan Kressler. Using pictures of German Defense Minister Ursula von der Leyen, Kressler created a model of the official’s fingerprints with the help of special software. And one photo of the hacker took by himself, and the second one did not have to go far at all – it was in the official press release of the ministry.

All in sight, and this is the main problem

The main problem with biometric data is that it can be copied. Given the development of modern technology – even too easy. The iris can be “stolen” in the same way – without taking out the eyes of the owner. You need a good camera and a 3D printer.

“The easiest way to take a picture of the iris is with a digital camera in night mode, or remove the infrared filter from it. In the spectrum of infrared light (which is usually filtered out), you can clearly see the small, usually difficult to distinguish, iris details of darker eyes,” hackers from the Chaos Computer Club community write.


“A good digital camera with a 200mm lens at a distance of up to 5 meters is enough to take an iris picture with the right resolution.”

The facial recognition system can also be deceived. Cyber security specialists from Bkav have demonstrated that algorithm Face ID from Apple can be cracked with the same contact lenses and 3D face mask made on the printer. The recognition system, which involves conventional and infrared cameras, spot projector, machine learning algorithms, secure storage and secure data processing, turned out to be quite holey.

Experts from Bkav agree that such method of deception of biometric systems is rather labour-consuming and demands a lot of time. But in cases with “big bumps” it can be justified. In Bkav do not recommend to use Face ID and similar algorithms at business transactions, and also warn known people against use of these systems.

The future is coming, and it is disappointing

It seems that biometric security systems are no safer than classic codes and passwords. You can learn a password and not store it anywhere but your head – but how can you hide your eyes and fingerprints from others? Eternal glasses and gloves?

Another important problem lies precisely in the uniqueness of biometric data. In case of hacking the conditional password storage, it can be replaced. And what to replace a fingerprint, if hackers “steal” the database of prints?

Most likely, biometrics can only be an addition to classic security methods, but not an independent technology. What seemed to be the pinnacle of progress a couple of decades ago is disappointingly imperfect today.



0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments

Do NOT follow this link or you will be banned from the site!
Would love your thoughts, please comment.x

Spelling error report

The following text will be sent to our editors: