Chaos Computer Club: Iris Biometrics Can be Spoofed

Iris BiometricsA security researcher is warning that iris scanning technology is not as secure as it may seem, according to a Forbes article by Thomas Fox-Brewster. Speaking in anticipation of his appearance at the CanSecWest conference later this month, Jan Krissler of the Chaos Computer Club said that it’s possible to bypass various iris scanning systems with nothing more than a high-resolution printout of a user’s eyes.

While many users don’t have large, high-resolution images of themselves readily available, some high-profile individuals do – such as politicians or celebrities – and that, Krissler says, is a major vulnerability. His warning comes in the wake of last week’s Mobile World Congress in Barcelona, where companies like Fujitsu were demonstrating eye-scanning security on their newest smartphones.

Eventually these companies are going to have to address Krissler’s concerns, but in the meantime it’s worth noting that eye-scanning technology continues to advance. An Australian firm, for example, is developing a system that relies on the unique data points of the cornea, which is unique enough to be a signature biometric for an individual, but changes slightly from day to day such that, theoretically, it could be impossible to hack. Whether this technique or any others serve to quash Krissler’s concerns remains to be seen, but in any case the iris biometrics market is growing, and that trend is projected to continue.

March 11, 2015 – by Alex Perala