Hello, welcome to the Wednesday, January 2nd, 2019 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

One of the events of note each year around New Year is the Chaos Communication Congress that happens in Germany and this year

again it doesn't disappoint. I just want to highlight a couple of talks from this conference

and as usual the conference website itself has videos and such of many of the talks.

First, there was one talk that looked at vein identification.

Now, this is less commonly used biometrics where you're using the entire hand to identify

yourself.

It doesn't use fingerprints, but instead it uses the patterns

of the veins in your hand in order to identify a particular user.

Now, in order to fool one of these biometric systems, there are really two components that

are needed. First of all, you do need a copy of the vein pattern of the target that you're trying to impersonate.

And then secondly, you have to find a way to duplicate that.

Now, in order to obtain the pattern, you need an infrared camera, a fairly cheap camera, does work.

They used one of those little pie cameras that you can connect to a Raspberry Pi and sort of

as a proof of concept they actually installed it in one of those hand-triers that you often

find in public restrooms and that gave them a reasonably good pictures of these main patterns in people's hands as they tried their hands.

Now, in order to then emulate the hand and the human tissue, what they actually came up with was to use yellow bees wax.

And that worked sufficiently enough to fool these hand scanners with about 80% reliability.

They did actually do a little demo sort of on stage.

They had some problems with the demo on stage.

But that was then based on the big lights they had shining in there, which interfered with the hand scanner.

...