Is that really your eye under that Black Hat?

Marc Sanchez Jul 25, 2012

The Black Hat hacking conference is taking place this week in Las Vegas. The annual event bills itself as “the premiere conference on information security,” and its presenters usually end up getting the attention of the companies and devices they hack into. Breakout sessions, like tomorrow’s “A Scientific (but non academic) study of how malware employs anti-debugging, anti-disassembly and anti-virtualization technologies), tend to serve up a heaping portion of Geek Chow.
Wired reports on one hack that’s being featured at the conference and already been digested a bit: reverse engineered iris scans. Yup. Researchers in Spain and the U.S. have teamed up and figured out how to fake out iris scanners, which are used as top-level security for law enforcement, airports, and the at data centers that host our beloved cloud and store all our personal information.

The academics have found a way to recreate iris images that match digital iris codes that are stored in databases and used by iris-recognition systems to identify people. The replica images, they say, can trick commercial iris-recognition systems into believing their real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems.
The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people. The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.

Also of note, this conference will be the first time Apple will actively take part in the event. Reuters reports:

The first time Microsoft security researchers spoke at the conference was in 1998, and the first time Google took the stage was in 2010, according to Ford. In joining them, Apple is acknowledging that it needs a stronger relationship with the hacking community as its products grow in popularity and come under heavier attack.

We’re here to help you navigate this changed world and economy.

Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.

In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.

Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.