It's well-known that hackers attack our computers and networks every day, but what really terrifies me is that they may start hunting for our eyes. What for? The answer consists in the fact that many passwords for critical systems are gradually being replaced with biometric identifiers like fingerprints and iris scans, which supposedly offer a safer way to log in. The bad news is that fingerprints and iris scans can be hacked just like a password, with a clever bit of reverse-engineering. When data is entered into a computer, the system doesn't store the actual fingerprint or iris scan. It records a digital template that serves as a trimmed-down representation of the biometric information. When a user goes to log in, his or her characteristics are matched against those templates. If it's high enough, the user is let inside.
Yet a new research shows that building an eyeball from a digital iris template is just as plausible as creating a fingerprint from a template.
At the Black Hat cybersecurity conference in Las Vegas on Wednesday, Javier Galbally, a researcher at the Universidad Autonoma of Madrid, Spain, showed how his team did it.