We've updated our Privacy Policy to make it clearer how we use your personal data. We use cookies to provide you with a better experience. You can read our Cookie Policy here.


Iris Scanner Can Distinguish Dead Eyeballs From Living Ones

Listen with
Register for free to listen to this article
Thank you. Listen to this article using the player above.

Want to listen to this article for FREE?

Complete the form below to unlock access to ALL audio articles.

Read time: 2 minutes
In theory, an iris scanner can be hacked using an eyeball plucked from the victim. Now researchers have trained a machine-vision system to tell the difference between dead irises and live ones.

The 1993 film Demolition Man is set in the fictional future of the 2030s, where people gain access to more or less everything via iris scans. That leads to an unsurprising plot device in which a prisoner escapes from jail by cutting out the warden’s eyeball and using it to spoof the biometric scanners.

Fast-forward from 1993 to 2018, researchers have created a database of iris scans from living people and from dead bodies and then trained a machine-learning algorithm to spot the difference.

Scientists from the Warsaw University of Technology in Poland say their algorithm can distinguish a living iris from and a dead one with 99 percent accuracy. But, their results offer criminals a potential way to beat the detection system.

Ophthalmologists have long recognized that the intricate structure of the iris is unique in every individual. The details are particularly apparent in near-infrared iris images, and iris images at this wavelength are widely used in various security applications.

But the system isn’t perfect. Last year, hackers unlocked an iris-scanning Samsung smartphone by printing an image of the owner’s iris onto a contact lens and then placing the contact lens onto a dummy eyeball.

The more gruesome hack from Demolition Man is another way to circumvent these systems. But nobody has worked out whether this form of attack can be detected, until now.

A different kind of database

The research is made possible by an unusual database: the Warsaw BioBase PostMortem Iris dataset, which includes 574 near-infrared iris images collected from 17 people at various times after they have died. The images date from five hours to 34 days after death.

The team also collected 256 images of live irises. They took care to use the same iris camera used on the cadavers so that the machine-learning algorithm couldn’t be fooled into recognizing images based on the characteristics of different cameras.

The dataset was also checked for obvious bias in the images, such as differences in the way different operators may take pictures and the way this influences image intensity. They found there was little to distinguish the images in this respect.

Spot the difference

However, there is an obvious difference in the way live and dead irises often look in images. This arises because the eyelids of cadavers are often held open using metal retractors, unlike for most live iris images. These are easy for a machine-vision algorithm to spot. For this reason, the team cropped the images to show just the iris.

Finally, they used most of the dataset to train a machine-learning system to recognize dead and alive irises. They used the rest of the dataset to test the algorithm.
The results suggest that the algorithm accurately spots all dead irises and rarely misclassifies live ones.

“No post-mortem sample gets mistakenly classified as a live one, with a probability of misclassifying a live sample as a dead one being around 1 percent,” says the team.

However, there is a caveat. This accuracy applies only to irises that have been dead for 16 hours or more. “Samples collected briefly after death (i.e., five hours in our study) can fail to provide post-mortem changes that are pronounced enough to serve as cues for liveness detection,” say Trokielewicz.

That gives these gruesome hackers a window of opportunity since freshly plucked eyeballs should work a treat.

Worried readers can surely take some comfort from the knowledge that plucked eyeballs lose their hacking potency just a few hours later.

This article has been republished from materials provided by Massachusetts Institute of Technology. Note: material may have been edited for length and content. For further information, please contact the cited source.