The Black Hat hacking conference is taking place this week in Las Vegas. The annual event bills itself as “the premiere conference on information security,” and its presenters usually end up getting the attention of the companies and devices they hack into. Breakout sessions, like tomorrow’s “A Scientific (but non academic) study of how malware employs anti-debugging, anti-disassembly and anti-virtualization technologies,” tend to serve up a heaping portion of Geek Chow.
Wired reports on one hack that’s being featured at the conference and has already been digested a bit: reverse-engineered iris scans. Yup. Researchers in Spain and the U.S. have teamed up and figured out how to fake out iris scanners, which are used as top-level security for law enforcement, at airports, and at the data centers that host our beloved cloud and store all our personal information.
The academics have found a way to recreate iris images that match digital iris codes that are stored in databases and used by iris-recognition systems to identify people. The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems.
The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people. The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.
Also of note: this will be the first time Apple actively takes part in the event. Reuters reports:
The first time Microsoft security researchers spoke at the conference was in 1998, and the first time Google took the stage was in 2010, according to Ford. In joining them, Apple is acknowledging that it needs a stronger relationship with the hacking community as its products grow in popularity and come under heavier attack.