When a person scans his or her iris into a biometric system for the first time, the system turns the iris into a code consisting of about 5,000 bits of data. This code is based on about 240 points that are measured in the actual iris image, and is for all intents and purposes a unique digital analog of the iris. The actual iris image is then discarded.
The next time the person needs to authenticate himself or herself, he or she scans the iris again. The device converts this scan into an iris code as well, and the two codes are compared. If the digital codes match—within a reasonable margin of error—then identity is authenticated and access is granted.
But researchers at the Universidad Autonoma de Madrid and West Virginia University have found a way to reverse-engineer an iris image from the digital code itself using genetic algorithms—an iris image so good it can fool a biometric scanner.
Genetic algorithms are those that improve results each time they process data. Like generations of a species over time, they adapt; each iteration of the algorithm produces an iris image with an iris code that is a little more similar to the code being reconstructed. After 100-200 iterations, the algorithm generates an iris image with an iris code that is adequately similar to the original code.
..if a database containing iris codes were hacked, the hackers could construct iris images that would dupe scanners, and they would never even have to get near the actual owner of that iris.