Hacktivity is the biggest IT and Security conference held in Central- and Eastern Europe. From 2011, we are resident presenters, each year introducing the audience to a different biometric technology, showing its possible uses and vulnerabilities.
In 2014, our topic was Iris recognition. Many ideas and misconceptions are attached to this tecnology. We intended to show the truth through our presentation - about the operation, the solutions and last but not least the vulnerabilities. We presented an iris identification device live in operation, and how one can spoof it with rather simple tools. We also discussed the potential uses of the technology, especially in light of the recent news that a number of phone manufacturers intend to introduce iris recognition after fingerprint sensors to their devices.
In 2013, it was the 10th time that Hacktivity, the biggest IT security conference of Central-Eastern Europe was organised. This was the third time Applied Biometrics Institute (ABI) featured itself on this event. After 2011’s fingerprint scanner and 2012’s hand vein scanner, this year we examined the vulnerabilities of face recognition.
We presented the basics of face recognition on the stage, then executed several successful spoofing attacks on two different systems, showing that it is no coincidence face recognition was featured at Hacktivity, as there are still issues to be fixed about the security of this method.
In 2012 we experimented with vein scanners, which were advertised by being equipped with infallible sensors. Because biometric identification can only be interpreted as a part of a system, it is worth analyzing questions of vulnerability of security identification devices. We may identify many grounds for attacks, due to the structure of the systems. We managed to spoof the devices, shedding light to the fact that no matter how good the sensor may be, if the device built around it is not up to the task.
In our first appearance at Hacktivity we presented the vulnerabilities of fingerprint scanners and the process of obtaining, copying and using fingerprints left on surfaces.
We spoofed the scanners with fingerprints collected on-site with various methods (e.g. from wax imprints). Our tests shed light on the risks and weaknesses of the technology, and examined the possible ways to solve this problem.