Bank whips out palm-recognition kit - and a severed hand won't work

Italian banking group UniCredit has developed a commercial biometric payment system based on Fujitsu PalmSecure palm vein reader technology. UniCredit selected palm vein reader technology instead of more widely touted biometric technologies, such as fingerprint readers and retina scanners, to underpin a prototype mobile payment …

COMMENTS

This topic is closed for new posts.


I wonder how they tested the "will not work with a severed hand" part.

5
0
Devil

If done poorly, a severed hand would not contain blood, so most vessels would be empty, and thus thinner than expected. Or perhaps it's simply looking for body temperature.

You would need to kill the victim via poison (puncture wounds may cause excess blood loss), then sever the hand fingers down. Then flash freeze to ensure the veins are frozen in their "open" state. For use, it will be thawed, then you would need to transport the hand fingers down, and perhaps with a wax seal over the stump. You would then need to microwave it back to *exactly* body temperature a few seconds before scanning.

Next disturbing thought exercise please...

1
0

"blood flowing through"

Perhaps it "watches" for the flow of blood through the veins - "near-infrared rays that are absorbed by deoxidised haemoglobin present in blood flowing through the patient's palm veins".

Perhaps the "flow" part is a part of the process of building the image used for verification, and without blood flow, it's not verifiable?

0
0
Silver badge

Re: "blood flowing through"

If the hand is severed two changes occur either of which might be detected: (i) the blood stops flowing, leading to a change in the Doppler signal (can be integrated into fingerprint scanners as well), and (ii) the blood in the arteries also becomes deoxygenated, leading to those showing up as well. I do not know which is used.

I suddenly have this mental image of the device shouting MURDERER at 100dB when it detects a severed hand of a client. Could be a neat addition.

3
0
Silver badge
Meh

Yuck

Hand print recognition on a cashpoint. I hope it comes with a roll of handy wipes.

On any given day, 80% of population pick their noses, 59% do not wash their hands after going to the toilet, 30% are contagious with colds, flu and the norovirus and they are just a few of the ailments that you are likely to pick up.

Yuck

1
8
Silver badge
Coat

Re: I wonder how they tested the "will not work with a severed hand" part.

Gimme Five!

2
0
Silver badge
Happy

Re: I wonder how they tested the "will not work with a severed hand" part.

I can do better than that, I can give you Fifteen!

5
0

Re: Yuck

And fail at reading the actual article.

6
1

Re: Yuck

Except that most bacteria, etc. will not survive the cold and dry conditions that ATMs normally experience, and I would not be surprised if the 'in bank' ATMs are regularly cleaned (just like all the other furniture :) ), and even the window cleaner gives the outside ATM a brush-over... :)

1
1
Silver badge

Not working is not the problem

My problem is when some IQ=80 thief thinks it will work! The loss of my hand is far, far more worrying than my bank account.

8
0
Happy

Re: Yuck

They did say it was contactless for exactly those reasons (although it was quite near the end of the article).

2
0
Gold badge
Coat

I wonder how they tested the "will not work with a severed hand" part.

Handsfree?

0
0
Gold badge

Re: Yuck

Hand print recognition on a cashpoint. I hope it comes with a roll of handy wipes.

I actually know a Swiss company for sale that has used that sensor too - it is contact free. It picks it up from a distance, if I recall correctly 1..4 cm is OK.

0
0
Silver badge

Re: "blood flowing through"

"Perhaps it "watches" for the flow of blood through the veins - "near-infrared rays that are absorbed by deoxidised haemoglobin present in blood flowing through the patient's palm veins".

Perhaps the "flow" part is a part of the process of building the image used for verification, and without blood flow, it's not verifiable?"

And next month, the criminal underworld equivalent of El Reg will be posting a news item about a device that can be attached to a severed hand that will pump deoxidised haemoglobin through the palm veins to make the severed hand look like one that is still attached to the rest of its owner.

1
1
Silver badge

Re: "blood flowing through"

I suspect you can't use flow because blood flow can vary depending on heart rate. A flow check might throw a false negative if you happen to use it just after a brisk jog or because you're in a hurry and nervous (both would raise the flow rate).

0
0
Bronze badge

Re: "blood flowing through"

What no flashing xenon lights or a red strobe light ?

0
0
Jin

Are all the would-be criminals so educated as to know this?

The claim that severed hands will not work does not mean that we are safe. How can the bank and Fujitsu be sure that all the would-be criminals are so educated as to be fully aware that severed hands will not work for these or those scientific reasons? The users of this bank should be prepared to be attacked by poorly-educated criminals.

0
0
Silver badge
IT Angle

Taking bets

...that within a year of this technology becoming widespread, someone will attempt to sue Fujitsu for hand cancer caused by exposure to IR light.

1
0

Re: Taking bets

IR light?? you mean the sort that ALL remote controls emit????

1
0

Re: Taking bets

Note that Thomas didn't actually say he believes IR causes cancer. Rather, he said that someone is going to sue, believing this to be the case.

I work for a development and web hosting company and we had this stupid argument with the company upstairs over us wanting to install DIRECTIONAL antennas on the roof. The lady was convinced that she would have daily headaches and develop a tumor. Explaining how directional antennas work and that they would be facing AWAY from the building, as well as pointing out the irony of her spending hours a day on her cellular phone, didn't seem to get through to her. We now joke about it being the tumor that has made her so thick.

0
0
Anonymous Coward

Re: Taking bets

Just because it's safe won't stop some idiot suing...

on the same note, just because something is not safe & data is hidden (backscatter X-Ray) won't stop the government from using it...

0
0

As with all things Biometric..there's a problem...

The man in front of you at the same airport boarding gate does one or all of the following:

- Has bird flu, and sneezes into hand

- "re-arranges" himself

- picks his nose

- picks his arse

- puts his hand on the scanner to board

...would you put your hand on the same scanner immediately after him? Would you be entitled to ask for a disinfected scanner first, or a backup boarding identification method?

2
7
FAIL

Contactless

The point about these ones is that you don't touch it. Was mentioned in the article.

7
1
Bronze badge
Alert

Re: Contactless

Maybe you don't need to touch it for it to work, but you can bet that the "great unwashed" (after going to the loo, for example) will be spreading germs on it.

2
0

Re: Contactless

Thank you Larry - my downvoters be aware - contactless does not always mean that, nor does it mean germ-free, what with sweat evaporation and air flow. It just needs close proximity. See also telephone microphone speakers - you don't touch that (merely breathe on it), but it's germ heaven.

1
1
Gold badge

Re: Contactless

Thank you Larry - my downvoters be aware - contactless does not always mean that, nor does it mean germ-free, what with sweat evaporation and air flow. It just needs close proximity. See also telephone microphone speakers - you don't touch that (merely breathe on it), but it's germ heaven.

So is the ATM keyboard and screen, and as you shove a card into the machine you don't quite know what the rollers have picked up from the previous card either. I guess we need one of those glove dispensers next to it you find at the diesel pump (whose main feature is that it is always empty, which makes me suspect they only hang up an empty box to start with).

0
0
Anonymous Coward

I do not get why IRIS is not universal for Passport Control, credit cards etc.....

The new e-passports are just a joke compared to IRIS....

Works at a distance, very reliable, no need for ANY paperwork, just scan your eyes....

0
0
Anonymous Coward

Severed hands may not do, but "Put your hand in there or I'll stab you" will work just as well.

9
0
Silver badge

No real defence against live coercion ...

... except silent alarm signalling.

e.g. when you are enrolled, you are randomly assigned an orientation - fingers to 10 o'clock, 12 o'clock, 2 o'clock. Scan your hand at a different angle and it appears to work but raises a silent alarm elsewhere.

There was a UL that entering your PIN backwards at an ATM did this - retrieved your money but alerted the police. AFAIK it is just that, a UL, but the principle is not beyond the bounds of possibility.

4
0
Silver badge

Re: No real defence against live coercion ...

I used to work in a shop like that. The alarm system had two codes: a "disarm" code and a "duress" code. The effect was apparently identical, except the duress code would (theoretically) result in flashing blue lights and sirens arriving minutes later.

Thankfully, never got a chance to test that one.

3
0
Anonymous Coward

Re: No real defence against live coercion ...

The backwards pin UL is listed in Snopes as False.

0
0
Silver badge

Re: No real defence against live coercion ...

"There was a UL that entering your PIN backwards at an ATM did this - retrieved your money but alerted the police. AFAIK it is just that, a UL, but the principle is not beyond the bounds of possibility."

It might be false, but that's a damned good idea.

2
0

This post has been deleted by its author

Gold badge

Re: silent alarm signalling against coercion

... except silent alarm signalling.

Not a chance, I've been through that with a vendor. There is no point in implementing that because it's simply not usable.

Problem 1 is that people under stress go into automatic pilot. It's already a problem to get people to memorise a simple 4 digit code, so asking them to remember another valid one under stress is not going to work. If they have to do something different to normal it is also possible that ye olde robber is well aware of that too by simple prior observation.

Problem 2 is that such a detection leads to a liability which the bank is never willing to take. Imagine you get an alarm code as a bank, what are you going to do? Warn the police? They show up, robber panics and harms client - who is responsible? Deny payment? Again, harms client. Pay but record surroundings? That already happens even for non-alarmed transactions so no added value there either. What's more, when alarmed you may have to pay back the transaction - expect plenty of false alarms and fake robberies then.

Alarm signalling brings no benefit to the bank, which is the sole and single criterion a bank will use.

2
0
Anonymous Coward

Re: No real defence against live coercion ...

Except what do you do about palindromic pin numbers, e.g. 1221 or 6666?

2
0
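To make the palindrome objection concrete, here is an added model (not code from the page or from any bank) of the reverse-PIN duress scheme the thread debates: the reversed PIN still authenticates but flags duress, and a palindromic PIN such as 1221 or 6666 has no distinct reversed form, so it can never carry the signal. The enrolment check and the counting function are assumptions made for the illustration.

```python
"""Reverse-PIN duress signalling and why palindromic PINs break it.

Added example for the thread's discussion; the PIN system modelled here is
hypothetical and not any real bank's or vendor's implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthResult:
    authenticated: bool   # did the entry unlock the account?
    duress: bool          # should a silent alarm be raised?


def is_palindrome(pin: str) -> bool:
    """A PIN reads the same backwards, so its reverse is not a distinct code."""
    return pin == pin[::-1]


def check_pin(entered: str, enrolled: str) -> AuthResult:
    """Authenticate an entered PIN against the enrolled one.

    The reversed PIN is accepted too, but flagged as duress. For a
    palindromic enrolled PIN the reversed form is identical, so the
    duress branch is unreachable: the user has no way to signal coercion.
    """
    if entered == enrolled:
        return AuthResult(authenticated=True, duress=False)
    if entered == enrolled[::-1] and not is_palindrome(enrolled):
        return AuthResult(authenticated=True, duress=True)
    return AuthResult(authenticated=False, duress=False)


def enrol_pin(pin: str) -> bool:
    """Hypothetical enrolment rule: reject PINs that cannot carry a duress
    signal (palindromes) as well as malformed entries."""
    return len(pin) == 4 and pin.isdigit() and not is_palindrome(pin)


def palindromic_pin_count(length: int = 4) -> int:
    """How many PINs of the given length are unusable for reverse-PIN duress."""
    return sum(1 for n in range(10 ** length)
               if is_palindrome(f"{n:0{length}d}"))


if __name__ == "__main__":
    print(check_pin("4321", "1234"))           # authenticated, duress raised
    print(check_pin("1221", "1221"))           # authenticated, no signal possible
    print(palindromic_pin_count(), "of 10000 four-digit PINs are palindromes")
```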
Silver badge
Alert

Duress code

I actually set that code up for my mom's home alarm. The trick in setting such a code is that it would be something inconspicuous, maybe even a code that they'd expect it to be (such as your birth date or something like that).

0
0

Not that secure

A friend of mine has a twin brother and they regularly used to fool the biometric readers at a datacenter we used to work at. They used a similar 'vein pattern' technology.

Needless to say, the security guards were pretty freaked out....

4
0

1 in 1.25M might not be too bad for confirming a claimed identity. Picking one person out of a large population is another matter.

2
0
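The verification-versus-identification point above can be worked through numerically. This is an added example, not from the page or from Fujitsu: it takes the quoted 1 in 1.25M as a per-comparison false acceptance rate (an assumption about what that figure means) and shows how the chance of at least one false match grows when a palm is compared against every enrolled template instead of one claimed identity.

```python
"""False-match probability: 1:1 verification vs 1:N identification.

Added illustration for the thread's "1 in 1.25M" comment. The figure is
treated as an independent per-comparison false acceptance rate (FAR);
that interpretation is an assumption, not a vendor specification.
"""
import math

FAR = 1 / 1_250_000  # per-comparison false acceptance rate quoted in the thread


def verification_false_match(far: float = FAR) -> float:
    """1:1 verification compares one presented palm with one enrolled template,
    so the false-match probability is simply the FAR."""
    return far


def identification_false_match(population: int, far: float = FAR) -> float:
    """1:N identification compares the presented palm with every enrolled
    template; a false match occurs if any of the N comparisons falsely accepts.
    Assumes independent comparisons: P = 1 - (1 - far)^N."""
    if population < 0:
        raise ValueError("population must be non-negative")
    return 1.0 - (1.0 - far) ** population


def population_for_false_match(target: float, far: float = FAR) -> int:
    """Smallest enrolled population at which P(at least one false match)
    reaches `target`, by inverting the formula above."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - far))


if __name__ == "__main__":
    print(f"1:1 verification: {verification_false_match():.2e}")
    for n in (1_000, 100_000, 1_250_000, 10_000_000):
        print(f"1:N over {n:>10,} templates: {identification_false_match(n):.4f}")
    print("50% chance of a false match at",
          population_for_false_match(0.5), "enrolled templates")
```

With a population the size of the quoted denominator the chance of a spurious match is already about 63%, which is why a figure that is acceptable for confirming a claimed identity says little about picking one person out of a crowd.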

Still Snake oil

This thing is subject to the same fundamental flaws as all biometric systems. The scanner produces a static data representation of your palm. It is this data that is actually used for authentication. The server checks if this pattern is the same as (or close enough to) the pattern stored for you during enrolment. Basically it is a long password.

What happens when (not if) password data is compromised? Easy! Simply force the user to change the password - good luck doing that with biometrics.

2
0
Silver badge

Re: Still Snake oil

Exactly, and once you have a second instance using the same system, you'll have the same "secret key" on both systems. The next step is to build some sort of model hands with the right patterns. Maybe it's even possible to use some sort of modified LCD.

And that's all not taking into account brute-forcing those systems which may be possible.

0
0
Anonymous Coward

Re: Still Snake oil

As Frankie Boyle said 'I need new eyeballs and a new set of fingerprints'

0
0
Gold badge

Re: Still Snake oil

So, what will you do with a compromised biometric data set?

All you have is a hash value, probably salted with a secondary key if the designer had a remote clue about securing access data, and you're going to use that to do what? Work back into a biometric model that will replicate someone's biometric ID elsewhere? A vein scan has a lot more data points than a fingerprint scanner (which is why you need specialist software to validate it within seconds), so good luck with creating a fake at vein depth in someone else's hand. If you want to replace someone's hash with your own you still need to create that first - you could do that by getting an entry in the system and then copying the hash, assuming the hashes are salted identically (which is not an approach I would take).

Biometrics themselves aren't the issue, it's how they are stored that is important.

0
0

Re: Still Snake oil

I was talking about the biometric data, not any sort of hash. Once you have that and access to the data communication channel the scanner uses, the system is irreparably broken. For an ATM that may be tricky but for many other applications of this technology, it is a trivial task.

0
0
Silver badge

So how do we subvert this system?

Well, there must be some hackers here with their devious thinking-caps on.

Personally, I'm thinking that as well as chopping the hand off, you find a blood bank and rob a bag or two. Doesn't need to be the same blood group. The blood won't coagulate in time to stop the reading.

Now, make sure your hand is at body temperature prior to placing it on the pad. Now, the main artery is plugged into a pump that pulses like a heartbeat. The pump sucks blood out of the bag, and the main vein is connected back to the bag so you don't end up with a huge pool of slippery claret on the floor.

Of course, rubber-hose cryptanalysis is also a viable attack, but that's just less fun to think up.

0
1

Re: So how do we subvert this system?

It relies on the pattern of veins absorbing the emitted infra-red? Lots of ink does that too. How about we rig up a system that takes a picture of palms using the same frequency infra-red, and use that image to just generate a picture in the right ink?

I didn't give the article a really thorough read but it doesn't seem that blood has to be flowing or anything like that; just a pattern that absorbs the emitted infra-red correctly.

Failing that, it'll have a USB port on the side or a JTAG on it that we can just plug an iPhone into and politely ask it to pass everything it's shown.

2
0
Bronze badge
Facepalm

Re: So how do we subvert this system?

As mentioned in a comment near the top, one key feature of this system seems to be the imaging specific for oxygen-depleted hemoglobin in the blood vessels.

Remember that there are two types of main blood vessels in the hand: 1) arteries carrying oxygenated blood TO the hand and 2) veins carrying the oxygen-depleted blood AWAY from the hand. The oxygen depletion of the blood happens only in LIVING tissue *in the tiny capillary vessels in the hand tissue*.

Thus, any (literal?) hacker needs to figure out a way to image *solely* the veins. Just running oxygen-depleted blood (or its equivalent) through a severed hand will also image the arteries and won't work.

0
0
Bronze badge
Holmes

Less severing option...

1. Invite your victim to wave their hand above your fake scanner

2. Take image of vein pattern

3. Fake scanner is linked to 3-D printer that reproduces vein pattern in plastic

4. Fill pseudo-hand with blood substitute

...

5. Profit

Selection of a suitable plastic and blood substitute to fool the real scanner is left as an exercise for the reader. If you get stopped for questioning, explaining a plastic hand with fake blood is probably easier than explaining a real one.

Obligatory xkcd reference

Headline:

Trick-or-Treaters Arrested for Bank Heist

1
0
Silver badge

Fixing the wrong problem

> will not work with a severed hand

If a baddie is in a position to hack a hand off someone whose bank account they wanted to raid, they would also be able to say to the victim "either we hack off both your hands (to be sure we have the correct one) or you come with us."

Given that choice I can see the victim ALWAYS choosing to do the deed with hands still intact. So the possibility, cheesy films notwithstanding, of the machine ever being offered a dead 'un is just not a real-life situation.

0
0
Silver badge

Re: Fixing the wrong problem

Yes and think of the instances where the victim will be killed afterwards so he won't be a witness.

Essentially this changes a crime from "steal an EC card and find out the pin" to "kidnap and perhaps murder a person". I don't see how that's an improvement.

If you want to do something against people stealing money, start regulating investment banks more heavily.

1
0
FAIL

Re: Fixing the wrong problem

ISTR Mercedes started using thumbprint recognition security on their high end cars. In the first attempted carjacking it saved the car but did lead to the owner having his thumb macheted off.

Didn't really catch on after that... there's a limit to how far you should go to protect 'stuff'.

0
0
