Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reverse-Engineered Irises Fool Eye-Scanners

Posted by Soulskill on from the now-you-eyes-are-slightly-safer dept.

Maximum Prophet writes "If you've ever had your eyes scanned, be sure to install new ones every 90 days. Wired reports on research being released at Black Hat: 'The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems. The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people. The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.'"

4 of 98 comments (clear)

  1. Passwords can be changed when compromised... by Kenja · · Score: 4, Insightful

    your iris can not. Well, not without some B grade horror movie level surgery. This is the fundamental issue with biometrics.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. Re:Problem with biometrics by leonardluen · · Score: 3, Insightful

    biometrics are fine, this just illustrates why you need 2 factor security.

  3. Lock and the lock pick. by steelfood · · Score: 4, Insightful

    New technology is nice and all, but for every lock ever created there will be a lock pick for it.

    The only thing is, the more expensive the lock, the more expensive the lock pick is supposed to be. That's the real measure of the effectiveness of a lock. I.e., an expensive lock that can be picked in an inexpensive manner is an ineffective lock.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  4. Re:Require 2 Factor Verification by Maximum+Prophet · · Score: 4, Insightful
    3 factors.
    • Something you know -> i.e. Password
    • Something you are -> i.e. Fingerprint
    • Something you have -> i.e. RFID keyfob

    The major problem with *magic* solutions, is that leader types look at them and say "Wow, Iris Scanners, I could never fool one of those, so nobody could fool one." People have the same reaction to physical locks.
    This leads to security theater. Yes, it stops stupid criminals, and yes it can be a good thing when you stop stupid criminals, but when you want to stop people flying airplanes into buildings, or stock traders from racking up $2 billion in fraudulent losses, magic dohickys aren't the solution.

    --
    All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)