In the past, I have identified some problems with biometrics as an element in security systems. On the Wired website, there is a relatively old article describing an attack against electronic physical access control systems, developed by Zac Franken. It exploits the fact that the commonly used Wiegand protocol – used for communication between readers and access control databases – does not perform proper authentication between the access token, reader, and database system. As a consequence, if it is possible to gain physical access to the communication wires, an attacker can record a valid exchange between a real token and the database, then replicate it to grant themselves access. It doesn’t matter if the token is a keycard, a key, or a retinal scan.
The hardware required apparently costs around $10. In addition to allowing an unauthorized user to gain access, it can also lock out all legitimate users once the attacker is inside.
What this exploit really demonstrates is how successful security requires that every element of a system be robust against exploitation. You could spend thousands of dollars on the best biometric scanners available, only to be foiled by a simple workaround of this type.
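The weakness described above can be seen in a small model, added here as an illustration and not taken from the article or from Franken's work. It assumes the common 26-bit Wiegand layout (parity, 8-bit facility code, 16-bit card number, parity), which the post does not specify, and contrasts a stateless controller with a hypothetical HMAC challenge-response link; `reader_tag`, `ChallengeController` and the badge values are constructed for the example.

```python
import hashlib
import hmac
import secrets

def wiegand26_encode(facility: int, card: int) -> int:
    """26-bit frame: even parity, 8-bit facility code, 16-bit card number, odd parity."""
    data = ((facility & 0xFF) << 16) | (card & 0xFFFF)
    even = bin(data >> 12).count("1") % 2        # covers the first 12 data bits
    odd = 1 - bin(data & 0xFFF).count("1") % 2   # covers the last 12 data bits
    return (even << 25) | (data << 1) | odd

def wiegand26_decode(frame: int):
    """Return (facility, card), or None when a parity bit is wrong."""
    data = (frame >> 1) & 0xFFFFFF
    pair = (data >> 16, data & 0xFFFF)
    return pair if wiegand26_encode(*pair) == frame else None

class LegacyController:
    """Models the unauthenticated line: a frame is a fixed function of the credential."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
    def accepts(self, frame: int) -> bool:
        return wiegand26_decode(frame) in self.allowed

def reader_tag(key: bytes, nonce: bytes, frame: int) -> bytes:
    """Hypothetical reader side: MAC the controller's nonce together with the frame."""
    return hmac.new(key, nonce + frame.to_bytes(4, "big"), hashlib.sha256).digest()

class ChallengeController(LegacyController):
    """Hypothetical authenticated line: every read must answer a fresh, single-use nonce."""
    def __init__(self, allowed, key: bytes):
        super().__init__(allowed)
        self.key, self.nonce = key, None
    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce
    def accepts(self, frame: int, tag: bytes) -> bool:
        nonce, self.nonce = self.nonce, None
        if nonce is None or not hmac.compare_digest(tag, reader_tag(self.key, nonce, frame)):
            return False
        return super().accepts(frame)

def demo():
    """Returns (first read, repeated frame, live authenticated read, repeated old response)."""
    key, badge = secrets.token_bytes(32), (42, 1337)   # constructed sample values
    frame = wiegand26_encode(*badge)
    legacy, auth = LegacyController({badge}), ChallengeController({badge}, key)
    tag = reader_tag(key, auth.challenge(), frame)
    live = auth.accepts(frame, tag)
    auth.challenge()                                    # controller moves to a new nonce
    return legacy.accepts(frame), legacy.accepts(frame), live, auth.accepts(frame, tag)
```

The parity bits only catch line noise; the stateless controller cannot tell a repeated frame from a fresh read, while the nonce-bound response is valid for exactly one exchange.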