back to article Bank whips out palm-recognition kit - and a severed hand won't work

Italian banking group UniCredit has developed a commercial biometric payment system based on Fujitsu PalmSecure palm vein reader technology. UniCredit selected palm vein reader technology instead of more widely touted biometric technologies, such as fingerprint readers and retina scanners, to underpin a prototype mobile …

COMMENTS

This topic is closed for new posts.
  1. VaalDonkie

    I wonder how they tested the "will not work with a severed hand" part.

    1. Silverburn
      Devil

      if done poorly, a severed hand would not contain blood, so most vessels would be empty, and thus thinner than expected. Or perhaps it's simply looking for body temperature.

      You would need to kill the victim via poison (puncture wounds may cause excess blood loss), then sever the hand fingers down. Then flash freeze to ensure the veins are frozen in their "open" state. For use, it will be thawed, then you would need to transport the hand fingers down, and perhaps with a wax seal over the stump. You would then need to microwave it back to *exactly* body temperature a few seconds before scanning.

      Next disturbing thought exercise please...

    2. Paw Bokenfohr

      "blood flowing through"

      Perhaps it "watches" for the flow of blood through the veins - "near-infrared rays that are absorbed by deoxidised haemoglobin present in blood flowing through the patient's palm veins".

      Perhaps the "flow" part is a part of the process of building the image used for verification, and without blood flow, it's not verifiable?

      1. Michael H.F. Wilkinson Silver badge

        Re: "blood flowing through"

        If the hand is severed two changes occur either of which might be detected: (i) the blood stops flowing, leading to a change in the Doppler signal (can be integrated into fingerprint scanners as well), and (ii) the blood in the arteries also becomes deoxygenated, leading to those showing up as well. I do not know which is used.

        I suddenly have this mental image of the device shouting MURDERER at 100dB when it detects a severed hand of a client. Could be a neat addition.

        1. kain preacher Silver badge

          Re: "blood flowing through"

          What no flashing xenon lights or a red strobe light ?

      2. VinceH Silver badge

        Re: "blood flowing through"

        "Perhaps it "watches" for the flow of blood through the veins - "near-infrared rays that are absorbed by deoxidised haemoglobin present in blood flowing through the patient's palm veins".

        Perhaps the "flow" part is a part of the process of building the image used for verification, and without blood flow, it's not verifiable?"

        And next month, the criminal underworld equivalent of El Reg will be posting a news item about a device that can be attached to a severed hand that will pump deoxidised haemoglobin through the palm veins to make the severed hand look like one that is still attached to the rest of its owner.

      3. Charles 9 Silver badge

        Re: "blood flowing through"

        I suspect you can't use flow because blood flow can vary depending on heart rate.. A flow check might throw a false negative if you happen to use it just after a brisk jog or because you're in a hurry and nervous (both would raise the flow rate).

    3. LarsG
      Meh

      Yuck

      Hand print recognition on a cashpoint. I hope it comes with a role of handy wipes.

      On any given day, 80% of population pick their noses, 59% do not wash their hands after going to the toilet, 30% are contagious with colds, flu and the norovirus and they are just a few of the ailments that you are likely to pick up.

      Yuck

      1. Andraž 'ruskie' Levstik

        Re: Yuck

        And fail at reading the actual article.

      2. illiad

        Re: Yuck

        except that most bacteria, etc. will not survive the cold and dry conditions that ATMs normally experience.. and |I would not be surprised if the 'in bank' ATMs are regularly cleaned(just like all the other furniture :) ), and even the window cleaner gives the outside ATM a brush-over... :)

      3. Andy ORourke
        Happy

        Re: Yuck

        They did say it was contactless for exactly those reasons (although it was quite near the end of the article

      4. Fred Flintstone Gold badge

        Re: Yuck

        Hand print recognition on a cashpoint. I hope it comes with a role of handy wipes.

        I actually know a Swiss company for sale that has used that sensor too - it is contact free. It picks it up from a distance, if I recall correctly 1..4 cm is OK.

    4. Crisp Silver badge
      Coat

      Re: I wonder how they tested the "will not work with a severed hand" part.

      Gimme Five!

      1. hplasm Silver badge
        Happy

        Re: I wonder how they tested the "will not work with a severed hand" part.

        I can do better than that, I can give you Fifteen!

    5. Paul Crawford Silver badge

      Not working is not the problem

      My problem is when some IQ=80 thief thinks it will work! The loss of my hand is far, far more worrying than my bank account.

    6. Fred Flintstone Gold badge
      Coat

      I wonder how they tested the "will not work with a severed hand" part.

      Handsfree?

    7. Jin

      Are all the would-be criminals so educated as to know this?

      The claim that severed hands will not work does not mean that we are safe. How can the bank and Fujitsu be sure that all the would-be criminals are so educated as to be fully aware that severed hands will not work for these or those scientific reasons? The users of this bank should be prepared to be attacked by poorly-educated criminals.

  2. Thomas 4
    IT Angle

    Taking bets

    ...that within a year of this technology becoming widespread, someone will attempt to sue Fujitsu for hand cancer caused by exposure to IR light.

    1. illiad

      Re: Taking bets

      IR light?? you mean the sort that ALL remote controls emit????

      1. Anonymous Coward
        Anonymous Coward

        Re: Taking bets

        Just because it's safe won't stop some idiot suing...

        on the same note, just because something is not safe & data is hidden (backscatter X-Ray) won't stop the government from using it...

    2. VaalDonkie

      Re: Taking bets

      Note that Thomas didn't actually say he believes IR causes cancer. Rather, he said that someone is going to sue, believing this to be the case.

      I work for a development and web hosting company and we had this stupid argument with the company upstairs over us wanting to install DIRECTIONAL antenna's on the roof. The lady was convinced that she will have daily headaches and develop a tumor. Explaining how directional antenna's work and that they would be facing AWAY from the building, as well as pointing out the irony of her spending hours a day on her cellular phone didn't seem to get through to her. We now joke about it being the tumor that has made her so thick.

  3. Silverburn

    As with all things Biometric..there's a problem...

    The man in front of your at the same airport boarding gate does one or all of the following:

    - Has bird flu, and sneezes into hand

    - "re-arranges" himself

    - picks his nose

    - picks his arse

    - puts his hand on the scanner to board

    ...would you put your hand on the same scanner immediately after him? Would you be entitled to ask for a disinfected scanner first, or a backup boarding identification method?

    1. Paw Bokenfohr
      FAIL

      Contactless

      The point about these ones are that you don't touch it. Was mentioned in the article.

      1. This post has been deleted by its author

        1. Silverburn

          Re: Contactless

          Thank you Larry - my downvoters be aware - contactless does not always mean that, nor does it mean germ-free, what with sweat evaporation and air flow. it just needs close proximity. See also telephone microphone speakers - you don't touch that (merely breathe on it), but it's germ heaven.

          1. Fred Flintstone Gold badge

            Re: Contactless

            Thank you Larry - my downvoters be aware - contactless does not always mean that, nor does it mean germ-free, what with sweat evaporation and air flow. it just needs close proximity. See also telephone microphone speakers - you don't touch that (merely breathe on it), but it's germ heaven

            So is the ATM keyboard and screen, and as you shove a card into the machine you don't quite know what the rollers have picked up from the previous card either. I guess we need one of those glove dispensers next to it you find at the diesel pump (whose main feature is that it is always empty, which makes me suspect they only hang up an empty box to start with)..

    2. Anonymous Coward
      Anonymous Coward

      I do not get why IRIS is not universal for Passport Control, credit cards etc.....

      The new e-passports are just a joke compared to IRIS....

      Works at a distance, very reliable, no need for ANY paperwork, just scan your eyes....

  4. Anonymous Coward
    Anonymous Coward

    Severed hands may not do but "Put your hand in their or I'll stab you" will work just as well.

    1. John H Woods Silver badge

      No real defence against live coercion ...

      ... except silent alarm signalling.

      e.g. when you are enrolled, you are randomly assigned an orientation - fingers to 10 o'clock, 12 o'clock, 2 o'clock. Scan your hand at a different angle and it appears to work but raises a silent alarm elsewhere.

      There was a UL that entering your PIN backwards at an ATM did this - retrieved your money but alerted the police. AFAIK it is just that, a UL, but the principle is not beyond the bounds of possibility.

      1. M Gale

        Re: No real defence against live coercion ...

        I used to work in a shop like that. The alarm system had two codes: A "disarm" code, and a "duress" code. The effect was apparently identical, except the duress code would (theoretically) result in flashing blue lights and sirens arriving minutes later.

        Thankfully, never got a chance to test that one.

      2. Anonymous Coward
        Anonymous Coward

        Re: No real defence against live coercion ...

        The backwards pin UL is listed in Snopes as False.

      3. M Gale

        Re: No real defence against live coercion ...

        "There was a UL that entering your PIN backwards at an ATM did this - retrieved your money but alerted the police. AFAIK it is just that, a UL, but the principle is not beyond the bounds of possibility."

        It might be false, but that's a damned good idea.

        1. Anonymous Coward
          Anonymous Coward

          Re: No real defence against live coercion ...

          Except what do you do about palindromic pin numbers, e.g. 1221 or 6666?

      4. Fred Flintstone Gold badge

        Re: silent alarm signalling against coercion

        ... except silent alarm signalling.

        Not a chance, I've been through that with a vendor. There is no point in implementing that because it's simply not usable.

        Problem 1 is that people under stress go into automatic pilot. It's already a problem to get people to memorise a simple 4 digit code, so asking them to remember another valid one under stress is not going to work. If they have to do something different to normal it is also possible that ye olde robber is well aware of that too by simple prior observation.

        Problem 2 is that such a detection leads to a liability which the bank is never willing to take. Imagine you get an alarm code as a bank, what are you going to do? Warn the police? They show up, robber panics and harms client - who is responsible? Deny payment? Again, harms client. Pay but record surroundings? That already happens even for non-alarmed transactions so no added value there either. What's more, when alarmed you may have to pay back the transaction - expect plenty false alarms and fake robberies then..

        Alarm signalling brings no benefit to the bank, which is the sole and single criteria a bank will use.

    2. This post has been deleted by its author

    3. Daniel B.
      Alert

      Duress code

      I actually set that code up for my mom's home alarm. The trick in setting such a code is that it would be something inconspicuous, maybe even a code that they'd expect it to be (such as your birth date or something like that).

  5. Chris_Maresca

    Not that secure

    A friend of mine has a twin brother and they regularly used to fool the biometric readers at a datacenter we used to work at. They used a similar 'vein pattern' technology.

    Needless to say, the security guards were pretty freaked out....

  6. Anonymous Coward 15

    1 in 1.25M might not be too bad for confirming a claimed identity. Picking one person out of a large population is another matter.

  7. djack

    Still Snake oil

    This thing is subject to the same fundamental flaws of all biometric systems. The scanner produces a static data representation of your palm. It is this data that is actually used for authentication. I the server checks if this pattern is the same as (or close enough to) the pattern stored for you during enrolment. Basically it is a long password.

    What happens when (not if) password data is compromised? Easy! Simply force the user to change the password - good luck doing that with biometrics.

    1. Christian Berger Silver badge

      Re: Still Snake oil

      Exactly, and once you have a second instance using the same system, you'll have the same "secret key" on both systems. The next step is to build some sort of model hands with the right patterns. Maybe it's even possible to use some sort of modified LCD.

      And that's all not taking into account brute-forcing those systems which may be possible.

    2. Anonymous Coward
      Anonymous Coward

      Re: Still Snake oil

      As Frankie Boyle said 'I need new eyeballs and a new set of fingerprints'

    3. Fred Flintstone Gold badge

      Re: Still Snake oil

      So, what will you do with a compromised biometric data set?

      All you have is a hash value, probably salted with a secondary key if the designer had a remote clue of securing access data, and you're going to use that to do what? Work back into a biometric model that will replicate someone's biometric ID elsewhere? A vein scan has a lot more data points than a fingerprint scanner (which is why you need specialist software to validate it within seconds), so good luck with creating a fake at vein depth in someone else's hand. If you want to replace someone's hash with your own you still need to create that first - you could do that by getting an entry in the system and then copying the hash, assuming the hashes are salted identically (which is not an approach I would take).

      Biometrics themselves aren't the issue, it's how they are stored that is important.

      1. djack

        Re: Still Snake oil

        I was talking about the biometric data, not any sort of hash. Once you have that and access to the data communication channel the scanner uses, the system is irreparably broken. For an ATM that may be tricky but for many other applications of this technology, it is a trivial task.

  8. M Gale

    So how do we subvert this system?

    Well, there must be some hackers here with their devious thinking-caps on.

    Personally, I'm thinking that as well as chopping the hand off, you find a blood bank and rob a bag or two. Doesn't need to be the same blood group. The blood won't coagulate in time to stop the reading.

    Now, make sure your hand is at body temperature prior to placing it on the pad. Now, the main artery is plugged into a pump that pulses like a heartbeat. The pump sucks blood out of the bag, and the main vein is connected back to the bag so you don't end up with a huge pool of slippery claret on the floor.

    Of course, rubber-hose cryptanalysis is also a viable attack, but that's just less fun to think up.

    1. Alfred

      Re: So how do we subvert this system?

      It relies on the pattern of veins absorbing the emitted infra-red? Lots of ink does that too. How about we rig up a system that takes a picture of palms using the same frequency infra-red, and use that image to just generate a picture in the right ink?

      I didn't give the article a really thorough read but it doesn't seem that blood has to be flowing or anything like that; just a pattern that absorbs the emitted infra-red correctly.

      Failing that, it'll have a USB port on the side or a JTAG on it that we can just plug an iPhone into and politely ask it to pass everything it's shown.

    2. MondoMan
      Facepalm

      Re: So how do we subvert this system?

      As mentioned in a comment near the top, one key feature of this system seems to be the imaging specific for oxygen-depleted hemoglobin in the blood vessels.

      Remember that there are two types of main blood vessels in the hand: 1) arteries carrying oxygenated blood TO the hand and 2) veins carrying the oxygen-depleted blood AWAY from the hand. The oxygen depletion of the blood happens only in LIVING tissue *in the tiny capillary vessels in the hand tissue*.

      Thus, any (literal?) hacker needs to figure out a way to image *solely* the veins. Just running oxygen-depleted blood (or its equivalent) through a severed hand will also image the arteries and won't work.

  9. Allan George Dyer Silver badge
    Holmes

    Less severing option...

    1. Invite your victim to wave their hand above your fake scanner

    2. Take image of vein pattern

    3. Fake scanner is linked to 3-D printer that reproduces vein pattern in plastic

    4. Fill pseudo-hand with blood substitute

    ...

    5. Profit

    Selection of a suitable plastic and blood substitute to fool the real scanner is left as an exercise for the reader. If you get stopped for questioning, explaining a plastic hand with fake blood is probably easier than explaining a real one.

    Obligatory xkcd reference

    Headline:

    Trick-or-Treaters Arrested for Bank Heist

  10. Pete 2 Silver badge

    Fixing the wrong problem

    > will not work with a severed hand

    If a baddie is in a position to hack a hand off someone who's bank account they wanted to raid, they would also be able to say to the victim "either we hack off both your hands (to be sure we have the correct one) or you come with us."

    Given that choice I can see the victim ALWAYS choosing to do the deed with hands still intact. So the possibility, cheesy films notwithstanding, of the machine ever being offered a dead 'un is just not a real-life situation.

    1. Christian Berger Silver badge

      Re: Fixing the wrong problem

      Yes and think of the instances where the victim will be killed afterwards so he won't be a witness.

      Essentially this changes a crime from "steal an EC card and find out the pin" to "kidnap and perhaps murder a person". I don't see how that's an improvement.

      If you want to do something against people stealing money, start regulating investment banks more heavily.

      1. PC Paul
        FAIL

        Re: Fixing the wrong problem

        ISTR Mercedes started using thumbprint recognition security on their high end cars. In the first attempted carjacking it saved the car but did lead to the owner having his thumb macheted off.

        Didn't really catch on after that... there's a limit to how far you should go to protect 'stuff'.

      2. veti Silver badge
        Go

        Re: Fixing the wrong problem

        It's an improvement because it makes the crime harder to commit.

        Mugging to get a card and threatening to get a PIN? Easy-peasy. If you're quick on your feet, you can be back to the cashpoint before the victim has time to report the crime. (Assuming you have the elementary forethought to pinch his phone as well.)

        Forcing someone to march with you at knifepoint into a public area where an unknown number of unknown people will see you both? Considerably harder, calls for a good deal more nerve and commitment on the part of the criminal.

        Of course there's a workaround for the truly determined criminal. There probably always will be. But it becomes harder, and that reduces the total number of such crimes that get committed. That's a good thing.

        1. TeeCee Gold badge
          Unhappy

          Re: Fixing the wrong problem

          That's a good thing.

          Unless you're the one with the knife in your kidneys. Then it isn't.

  11. Arachnoid
    Trollface

    Germs and Toast

    I thought it worked like when you drop toast on the floor,as long as the contact is less than five seconds your fine hee hee.

    1. John 48
      Pirate

      Re: Germs and Toast

      You need to be quicker than that:

      https://www.youtube.com/watch?v=rYXdsOEWBj0

  12. Dave 15

    finger vein

    worked on a project using a finger vein reader... supposedly all the same advantages. However a sausage was perfectly acceptable to the system so it doesn't always need to be attached :) Besides, the amount of hassle to get it to recognise the same finger more than 1 in 10 was ridiculous.

  13. Valeyard

    identifying the wrong person in 1 in a million transactions is pretty poor when you consider how many transactions there are likely to actually be

    Will this be used in conjunction with something else or will it both identify and verify using the hand scan?

  14. Wize

    Had an accident?

    One hand in a cast and the other with a burn? Say goodbye to accessing anything.

  15. Mad Mike
    FAIL

    Body parts

    Personally, I'd rather none of this is done with any part of my body. It opens far too many options.

    Someone might remove the body part in an attempt to get access.

    Someone might coerce or kidnap me to get access.

    This becomes a means of identifying me, so if it gets compromised, my identity changes!! At the moment, the bank card etc. is not considered part of the identity process. But once confirmed with a body part; well it must be them!!

    There are so many flaws in this, it defies belief.

    1. TeeCee Gold badge
      FAIL

      Re: Body parts

      Someone might remove the body part in an attempt to get access.

      "Give us your ATM card and PIN number or we'll chop your hand off.". That option already exists. Actually the current version is more effective as "Right, give it to us now or we'll chop your other hand off" is available in case of non-compliance.

      Someone might coerce or kidnap me to get access.

      In that case the type of security is entirely irrelevant as with you present to provide password / PIN / hand / thumb / eyeball / whatever it can always be circumvented. So that option also already exists.

      Got any objections that are actually specific to biometric palm readers?

  16. FanniM
    Devil

    It would be good to test this with identical twins.

    1. M Gale

      I'm wondering what happens after an accident. Veins tend to re "draw" themselves, but not necessarily in the same way.

  17. Jock in a Frock
    Happy

    @ FanniM

    Sounds like a chat up line to me.

  18. Johnmae

    Another simple solution.

    Or simpler, damage cameras, knock somebody out or just manhandle them to the reader, and there you go. That is if the even simpler solution of threatening someone with pain or loss of limb that an earlier poster suggested doesn't work.

    1. Charles 9 Silver badge

      Re: Another simple solution.

      Simple countermeasure. Make the booth only large enough to fit one person comfortably. Trying to drag an unconscious person into such a booth would probably be impractically crowded and take too much time (and time is the robber's worst enemy--the longer you take the more likely you're spotted). It would also help reduce the odds of the rubber-hose treatment. Even if approached mid-transaction the ATM might auto-lock the booth in that time, meaning the perp would have to perform something very violent to get in--and risk downing the victim before he completes the transaction.

  19. BCS

    Just replaces the card

    It seems to me that this can just be used to replace the bank card. You swipe your hand and then type in a PIN. No different to now except you don't need to carry a card around. That would seem to be a sensible development.

    For airport security, replacing a boarding card with a hand swipe seems reasonable too - you have your passport and hand rather than passport and printed piece of paper.

    Just a different method of "something you have and something you know".

  20. Arachnoid
    Trollface

    Germs and Toast

    Yes but some things taste better with a bit of hair on them

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019