This study reveals that palmprint recognition devices unintentionally emit electromagnetic (EM) signals carrying biometric information, enabling remote extraction of palmprint and palm vein images. To address this threat, we propose EMPalm—the first EM side-channel attack framework targeting dual-modal palm biometric systems. EMPalm employs band separation and time-frequency analysis to extract modality-specific EM features, then leverages diffusion models for high-fidelity reconstruction of biometric images. Evaluated on nine commercial devices, reconstructed images achieve an SSIM of 0.79, PSNR of 29.88 dB, and FID of 6.82. Moreover, the reconstructed images achieve a 65.30% average spoofing success rate against mainstream palmprint recognition models. This work presents the first demonstration of joint EM side-channel recovery of dual-modal biometric traits, exposing critical physical-layer security vulnerabilities in palmprint recognition systems.

Palm recognition has emerged as a dominant biometric authentication technology in critical infrastructure. These systems operate in either single-modal form, using palmprint or palmvein individually, or dual-modal form, fusing the two modalities. Despite this diversity, they share similar hardware architectures that inadvertently emit electromagnetic (EM) signals during operation. Our research reveals that these EM emissions leak palm biometric information, motivating us to develop EMPalm--an attack framework that covertly recovers both palmprint and palmvein images from eavesdropped EM signals. Specifically, we first separate the interleaved transmissions of the two modalities, identify and combine their informative frequency bands, and reconstruct the images. To further enhance fidelity, we employ a diffusion model to restore fine-grained biometric features unique to each domain. Evaluations on seven prototype and two commercial palm acquisition devices show that EMPalm can recover palm biometric information with high visual fidelity, achieving SSIM scores up to 0.79, PSNR up to 29.88 dB, and FID scores as low as 6.82 across all tested devices, metrics that collectively demonstrate strong structural similarity, high signal quality, and low perceptual discrepancy. To assess the practical implications of the attack, we further evaluate it against four state-of-the-art palm recognition models, achieving a model-wise average spoofing success rate of 65.30% over 6,000 samples from 100 distinct users.