A large corporate bank using palm-vein biometric authentication found that its scanner had been compromised and that unauthorized personnel were wrongfully being granted access.
The discovery was made by a third-party security system that detected the presence of a device violation and the location of the foreign device, in this case the palm-vein scanner.
Biometric authentication has been prevalent for decades and comes in various forms, such as fingerprint recognition, eye scans, typing patterns and palm geometry. Fingerprint recognition is the most common form of biometric authentication; once used only by high-profile agencies needing maximum security, it can now be found on everyday devices such as smartphones and laptops.
Hackers Bypass Biometric Sensors
In this specific incident, the attacker used a BeagleBone board running USBProxy. Attached to the scanning device and to the computer system that stores the records of genuine handprints, it allowed the attacker to bypass the authentication.
The BeagleBone requires no extra hardware beyond its superior set of input/output features, which makes it easy to interface with external electronics.
Sepio Systems is the leader in the Rogue Device Mitigation (RDM) market and is disrupting the cybersecurity industry by uncovering hidden hardware attacks operating over network and USB interfaces. SepioPrime, which orchestrates Sepio’s solution, identifies, detects and handles all peripherals; no device goes unmanaged.
The only company in the world to undertake Physical Layer fingerprinting, Sepio Systems calculates a digital fingerprint using the device descriptors of all connected peripherals and compares them against a known set of malicious devices, automatically blocking any attacks. With Machine Learning, the software analyses device behavior to identify abnormalities, such as a mouse acting as a keyboard.
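The descriptor comparison described above can be sketched as follows. This is an added example, not Sepio's code or algorithm: the field selection, the per-port baseline, the `check_device` helper and all sample values are assumptions, and it works on descriptor data only, not on physical-layer measurements.

```python
import hashlib

HID, BOOT, KEYBOARD, MOUSE = 0x03, 0x01, 0x01, 0x02  # USB HID class/subclass/protocol codes

def fingerprint(desc):
    """SHA-256 over identity-bearing descriptor fields, in a fixed order."""
    parts = [f"{desc[k]:04x}" for k in ("idVendor", "idProduct", "bcdDevice", "bDeviceClass")]
    parts += [desc.get("manufacturer", ""), desc.get("product", "")]
    # Sort interfaces so enumeration order does not change the hash.
    parts += [f"{c:02x}/{s:02x}/{p:02x}" for c, s, p in sorted(desc["interfaces"])]
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def check_device(port, desc, baseline, denylist):
    """Return a list of findings for the device currently seen on `port` (hypothetical helper)."""
    findings = []
    fp = fingerprint(desc)
    if fp in denylist:
        findings.append("known-bad fingerprint")
    expected = baseline.get(port)
    if expected is None:
        findings.append("unenrolled port")
    elif fp != expected["fingerprint"]:
        findings.append("descriptor fingerprint changed")
    # Role mismatch in the spirit of "a mouse acting as a keyboard",
    # checked here at descriptor level only.
    if expected and expected["role"] == "mouse" and (HID, BOOT, KEYBOARD) in desc["interfaces"]:
        findings.append("mouse exposes keyboard interface")
    return findings

# Constructed sample descriptors (placeholder IDs and strings, not from the incident).
SCANNER = {"idVendor": 0x1111, "idProduct": 0x0001, "bcdDevice": 0x0100, "bDeviceClass": 0x00,
           "manufacturer": "ExampleBio", "product": "Palm Scanner",
           "interfaces": [(0xFF, 0x00, 0x00)]}
MOUSE_DEV = {"idVendor": 0x2222, "idProduct": 0x0002, "bcdDevice": 0x0100, "bDeviceClass": 0x00,
             "manufacturer": "ExampleHID", "product": "Mouse",
             "interfaces": [(HID, BOOT, MOUSE)]}
# Baseline enrolled while the hardware is known to be genuine.
BASELINE = {"1-1": {"role": "scanner", "fingerprint": fingerprint(SCANNER)},
            "1-2": {"role": "mouse", "fingerprint": fingerprint(MOUSE_DEV)}}

if __name__ == "__main__":
    swapped = dict(SCANNER, bcdDevice=0x0200)  # same IDs, different device revision
    rogue = dict(MOUSE_DEV, interfaces=[(HID, BOOT, MOUSE), (HID, BOOT, KEYBOARD)])
    print(check_device("1-1", SCANNER, BASELINE, set()))
    print(check_device("1-1", swapped, BASELINE, set()))
    print(check_device("1-2", rogue, BASELINE, set()))
```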