Company refutes potential hack of palm vein scanner
10 January 2019 17:26 GMT

Hungarian biometric firm BioSec has found a flaw in an alleged hack of a palm vein scanner.

BioSec has noted that on 27 December, the German Chaos Computer Club (hereafter: CCC) claimed at the annual Chaos Communication Congress that it had achieved a “hack” of different biometric vein scanners.

It noted that the initial process was described as follows: a living hand is enrolled, and the system mistakenly accepts the presented artificial palm as the “hand” of the owner.

BioSec adds that some important information has to be provided for a correct interpretation of the incident: the environment used consists of an outdated predecessor version of a demo application. Such an application is only intended to demonstrate the three basic biometric functionalities (enrolment, verification, identification). This is not comparable with a full production system, where central enrolment is performed under controlled supervision.

"Additionally, each solution developed by different solution providers based on PalmSecure ranks the matching of the biometric templates with a defined security score. BioSec systems will only confirm the authentication in case the matching procedure results in the highest security score; otherwise the attempt will be rejected. The demonstrated artificial hand produces a very low security score, below the acceptable security level, where only a few attempts have been shown as “accepted” in the demo environment with the lowest security level, which was also visible in the CCC live demo. Similar spoofing attempts were carried out in Hungary in 2012."

"Besides a high security score, all BioSec systems are protected against duplicated templates and corruption of the database, and have their own multiple-layer authentication algorithm."

BioSec performs continuous development of security; the work of ethical hacker groups is therefore important as one key element of that development.
