In the movie Minority Report, audiences witnessed a future where citizens iris’s were scanned at every turn in order to both track and market to individuals. This fiction however is soon to be reality as government agencies have begun increasing their use of biometric data. The Electronic Freedom Foundation reports on the current vulnerabilities of this security along with the dangers that the new technology presents:
At the Black Hat security conference in Las Vegas this week, Javier Galbally revealed that it’s possible to spoofa biometric iris scanning system using synthetic images derived from real irises. The Madrid-based security researcher’s talk is timely, coming on the heels of a July 23 Israeli Supreme Court hearing where the potential vulnerabilities of a proposed governmental biometric database drove the debate. Consider the week’s events a reminder that if the adoption of biometric identification systems continues apace without serious contemplation of the pitfalls, we’re headed for trouble.
When it comes to the collection and storage of individuals’ digital fingerprints, iris scans, or facial photographs, system vulnerability is a chief concern. A social security number can always be cancelled and reissued if it’s compromised, but it’s impossible for someone to get a new eyeball if an attacker succeeds in seizing control of his or her digital biometric information.
Among all the various biometric traits that can be measured for machine identification–such as fingerprints, face, voice, or keystroke dynamics–the iris is generally regarded as being the most reliable. Yet Galbally’s team of researchers has shown that even the method traditionally presumed to be foolproof is actually quite susceptible to being hacked.
The project, unveiled for the first time at the security researchers’ conference, made use of synthetic images that match digital iris codes linked to real irises. The codes, which are derived from the unique measurements of an individuals’ iris and contain about 5,000 pieces of information, are stored in biometric databases and used to positively identify people when they position their eyes in front of the scanners. By printing out the replica images on commercial printers, the researchers found they could trick the iris-scanning systems into confirming a match.
