Hacker News

octoberfranklin today at 3:12 AM

Yeah, 25 years ago people said stuff like that about fingerprint scanners, and then they got hacked by literal gummy bears:

https://www.theregister.com/2002/05/16/gummi_bears_defeat_fi...

For 2020s-era palm scanners you don't have to replicate a 3D hand -- just like a video chat doesn't replicate my 3D face. You just have to emit photons (some of them infrared, yes) in the correct pattern. The hack won't look like a 3D-printed hand, it'll look like a display panel that works beyond visible wavelengths. It'll probably be some device developed for a totally unrelated market, and then one day "whoops, all those palm scanners are 0wn3d" (natürlich auf Deutsch) will be a talk title at CCC.

But all this is academic. The real problem with biometrics is that when your password is a body part, you can't change your password.


Replies

llsf today at 5:26 AM

I agree and I get it. But at the same time, it is only used for payment and discounts at the grocery store. Payment with a card is even less secure here in the US. So, I do not think that Amazon Go was particularly unsecured since it was just for credit card payment.

If someone manages to replicate my pulsing blood vessels from my hand and trick the scanner, that would be fine. I would dispute the purchase, and the store would not even pull the camera footage, and just refund.

Amazon Go was not used to hold access to bank accounts or crypto wallets. I think it was a good technology and balance between convenience and security, for the purpose (grocery loyalty and payment).

A twin or even sometimes a relative (son and mother) can open an iPhone and its banking apps using the facial recognition. That is more concerning to me than Amazon Go palm scanning for groceries.