The most noteworthy internet finance portal

Is vein recognition really secure? Not necessarily

Vein recognition is a new type of identification technology that has emerged in recent years.

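It identifies a user by scanning vein patterns that are invisible to the naked eye (such as the shape, size and position of the veins) inside the palm, the back of the hand, the fingers and so on.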

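The technology currently performs well enough that many people consider it absolutely secure; even the German intelligence agency BND uses it in its newly built headquarters building in Berlin.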

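However, at the Chaos Communication Congress hacker conference held recently in Leipzig, Germany, researchers Jan Krissler (also known as Starbug) and Julian Albrecht ended vein recognition's unbeaten record with a fake hand made of wax.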

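Krissler and Albrecht said that although vein recognition technology is highly secure, the system can in fact be broken simply by changing a camera's setup (for example, using an SLR camera with the infrared filter removed) and using some cheap materials.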

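The two explained that a threat actor could use this technique to photograph a hand from five meters away and use the photo to make a wax hand model that can fool vein recognition.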

In this successful experiment, the two took more than 2,500 photos of hands over 30 days.

The two have now shared the details of their research with Fujitsu and Hitachi.

The researchers warned that this "successful" experiment sounds the alarm for us once again.

 

If you consider vein-based authentication totally secure, you should know that a group of researchers demonstrated the opposite at the Chaos Communication Congress hacking conference.

Vein-based authentication scans the invisible vein pattern (i.e. the shape, size, and position of a user’s veins) of the palm, back of the hand, fingers, etc., to identify the user.

This method of authentication is considered ultra-secure; it was also used by the German intelligence agency BND in its new headquarters building in Berlin.

At the Chaos Communication Congress hacking conference, held in Leipzig, Germany, researchers Jan Krissler (aka starbug) and Julian Albrecht devised a way to bypass vein-based authentication by creating a fake hand out of wax.

“It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it,” Krissler and Albrecht told Motherboard.

To build the fake hand out of wax, Krissler and Albrecht photographed the vein patterns under their skin using a converted SLR camera with the infrared filter removed. The experts explained that a threat actor could use this technique to take a photo of a hand from a distance of five meters. The security duo took over 2,500 pictures over 30 days to build a working hand of wax.

“It’s enough to take photos from a distance of five meters, and it might work to go to a press conference and take photos of them,” Krissler explained.

“When we first spoofed the system, I was quite surprised that it was so easy,” “Biometrics is always an arms race. The manufacturers improve their systems, the hackers come and break it and then it goes back on.”

The experts shared the details of their research with Fujitsu and Hitachi.

The researchers warn that a persistent attacker could use the technique they tested to bypass vein-based authentication used to protect restricted areas.

Copyright © Internet Finance Lab, PBC School of Finance, Tsinghua University | 京ICP备17044750号-1