Fake Irises Fool Scanners

We already know you can wear fake irises to fool a scanner into thinking you’re not you, but this is the first fake iris you can use for impersonation: to fool a scanner into thinking you’re someone else.

EDITED TO ADD (8/13): Paper and slides.

Also This:

Daugman says the vulnerability in question, which involves using an iterative process to relatively quickly reconstruct a workable iris image from an iris template, is a classic “hill-climbing” attack that is a known vulnerability for all biometrics.”

Posted on July 31, 2012 at 11:11 AM18 Comments


B. D. Johnson July 31, 2012 11:14 AM

I was kind hoping it would have been defeated by gummi bears like the fingerprint scanners were.

Chris W July 31, 2012 2:25 PM

Finally, it’s back, read this blog post a while ago, then it disappeared.

The sample pictures are stupid and easily spotted. And it distracts from the real breakthrough.
Fake iris via contact lenses were already possible, nothing new there.

Basically iris-scanners do not have a database with images of your iris, it only has database of digital signatures, which stays the same across multiple pictures.
It is impossible to derive the original image from the signature, much like crypto hashes. Also the signature algorithm (just like a hashalgo) is designed to prevent someone from generating a image that will result in the same signature (a collision).
This means that even when the hostiles have access to the database they cannot fake access since they would need a image of your iris to do that.

What these researchers have done is found a way to generate a image using only the signature. It isn’t the same iris, just a image of a synthetic iris that is recognized the same.
The generated image can then be put on a contact lens and used to enter the secured area.

Just like with crypto hashes, when collisions become feasible, security experts will simply have to design a new signature algorithm. Nothing new there either.

vasiliy pupkin July 31, 2012 2:51 PM

If that artificial iris image is static on the contact, then it is not changed when scanner device changes illumination of tested eye even slightly versus real iris. Signature is the same, but comparison of two consequtive images of real iris and artificial one are different: for real those images are not the same (dynamic) for artificial are the same (static). In order to defeat artificial iris changes my be needed for scanner design: two step process.
Just educated guess. Please grind it.

Alan Kaminsky July 31, 2012 3:44 PM

@Chris W

The iris signature algorithm has to have two characteristics. It has to be lenient, to allow slight variations in the input iris image nonetheless to match the signature correctly and keep the false negative rate low enough to make the system usable. And it has to be collision resistant, to prevent attacks like the ones these researchers reported and keep the false positive rate low enough to make the system secure.

I suspect these two characteristics are at the opposite ends of a tradeoff curve. If you make the system more lenient, false positives (unauthorized persons accepted) become more likely. If you make the system more collision resistant, false negatives (authorized persons not accepted) become more likely.

I doubt that “security experts” can wave their magic wands and solve this.

Spellucci July 31, 2012 4:59 PM

When I first heard about iris scanners years ago, I remember reading that they would be able to detect a heartbeat in the eye. That way, your eye wouldn’t be worth anything without you alive and attached to it.

This article makes no mention of that. Do modern iris scanners not look for a heartbeat? Do they look for them on something other than the contact lens that covers the iris? (I would assume a contact lens does not expand and contract with a heartbeat the way a real iris would.) Inquiring minds want to know.

sparky July 31, 2012 7:05 PM

While this is quite impressive, I don’t think this is the greatest vulnerability of iris scanners. Apparently, they can’t differentiate between a contact lens and a real, live iris. Wouldn’t that mean you would only need a clear, very high resolution photograph of someone face to simply print a picture of their iris onto a contact lens?

skreidle July 31, 2012 10:23 PM

Having used (and installed) iris scanners, I can confirm that dead eyes or static contacts should not work — at least, not with the models I’m familiar with. The camera is ringed with near-IR LEDs, which pulse during the scan — and while you can’t see the light visibly, your iris still reflexively dilates, and that’s read as well. Dead eye or static contact = no dilation = failed read.

David Alexander August 1, 2012 4:21 AM

It must have been a cheap iris scanner. The good ones have liveness detection built in that wouldn’t be fooled by a printed image.

A ‘live’ iris oscillates at about 0.5 hz even in stable light conditions. Also, good scanners operate in the Infra-red (700-900 nM wavelength) range to overcome the problems caused by reflective curved surfaces, contact lenses/glasses and dark pigmentation.This also has the advantage of allowing for detection of oxygenated blood in the iris because the iris has a different infra-red absorption spectra when alive and full of oxygenated blood.

A scanner with both of these would not be fooled by a printed image. If you buy cheap you get rubbish security. it was ever thus.

Me August 1, 2012 9:13 AM

And this is why I hate the idea of biometrics:

If your credit card is copied, it can be invalidated and a new one issued. If your fingers/eyes are copied, what do you do?

David August 1, 2012 9:43 AM


If your fingers/eyes are copied, what do you do?

Easy. Anyone who uses biometrics as a form of unattended authentication simply doesn’t understand the point of biometrics.

Biometrics work best when operated under close supervision – they should form only one aspect of a wide ranging system.

If an ‘intruder’ can successfully use a gummi-bear or a contact lens to gain authentication, the place or system they are accessing deserves no sympathy at all.

In addition, it is absolutely trivial to copy any and all of your biometrics. I could follow you around collecting your fingerprints from a drinking glass, your iris image with a hi-res camera (most iris recognition systems operate from a distance of many feet these days), I could take multiple photos of your face to build a strong 3-D version of your head… you use your voice regularly – I could record that too.

This whole notion of the ‘loss’ of a biometric as you suggest is absurd, as the whole point of a biometric is to link a physical presence with an identity by way of a unique sample of that physical presence.

…and don’t get me started on the way everyone seems to ignore in-built tests for ‘liveness’ that are being added to all the major systems. Ah what the heck.

It isn’t difficult to have a fingerprint reader check for a regular but minor inflation of the print that coincides with the heart beat. An iris under the steely gaze of a camera that changes the light level will adjust accordingly. I dare you to hold your face as steady as in a photo – you subtly twist and turn, your expression changes etc.

We could also heat or chill the fingerprint reader and ask “was it hot or cold?” Or we could raise some tiny dots against the depressed finger (a little like braille) and ask did you feel three dots or four?

And of course your voice should never be exactly the same as last time either – we need to observe changes, otherwise it’s likely to be a recording.

the point is that a real biometric can never be a static sample – if it is static, it is almost certainly fake.

…and the armed guard watching you make the authentication attempt just might take exception to the fact that yesterday you had blue eyes (just like in your file photo) and today they’re green!

Me's Advocate August 1, 2012 12:05 PM


You didn’t answer the question. Just because you think it’s absurd doesn’t mean it isn’t a valid issue.

It’s absurd that the TSA will prevent a 6 year old from getting on a plane because their “name” appears on the “No Fly” list. And yet it happens.

Roger August 2, 2012 4:39 AM

“Anyone who uses biometrics as a form of unattended authentication simply doesn’t understand the point of biometrics.”

Unfortunately, that is exactly what most biometric solutions are marketed as – by the industry itself. If you have to have a guard present at the reader, the cost-effectiveness of the biometric solution becomes vastly less attractive, so they rarely if ever suggest it may be necessary, and it even less often happens. That is (the main) reason why we consider the biometrics industry to be 90% snake oil salesmen.

“It isn’t difficult to have a fingerprint reader check for a regular but minor inflation of the print that coincides with the heart beat. ”

You may want to read up more on the gummy bear attack. There was nothing surprising about the fact that you could build a fake fingerprint to fool a reader.

The reason it was a bit of a sensation at the time was because a very cheap attack ($15) actually fooled every “liveness” detector that was available at the time. “Gummi” fingerprints are so thin the liveness detector simply detects the living finger underneath.

Now, maybe liveness detectors have become more sophisticated since then; but then again, some crooks might be willing to spend more than $15 preparing an attack.

The real problem, though, was that back then, the vendors focussed on just getting acceptable ROC, and didn’t actually test resistance to hostile attack not wlecome results from othes. Unless that attitude has changed, such probelms will continue to occur.

Jeremy August 2, 2012 7:46 AM

Since they are not replicating the original iris but creating a synthetic hash match as it were. I’m sure it would be just as possible to create a mash-up of the contact wearer’s iris and the contact lens that results in the same hash result but not cover the entire iris. Soft contact lenses should transmit nearly all IR as they are 99% water. Most you can easily smear between your fingers. Since it is the iris that expands and contracts the pupil I would imaging that its hash signature must change depending on light conditions.

jacob August 2, 2012 10:57 AM

Sorry not really impressed. It’s clever, that’s it. Biometrics are not the end all be all security authentication method. Of course, it was toted as such like everything else.

Every year someone brings out a new hack and gets the feds interested/startled. The defcon reading cards from a distance for example.

I’ll be snarky and predict one. Physical access to a network or computer, game over. Someone will use an IP based CCTV security system to compromise a network. The pen testing with social engineering. A workman responding to a down camera….the MP cameras have computing power, oh never mind. lol Maybe I should play on my workbench.

I would like to know if anyone has noticed that FLAMe, others turned on cameras and microphones. A person’s typing follows space, rythym. That could make it easier to crack passwords if not crack outright. Just my thoughts.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.