Full Disclosure mailing list archives
Re: Banknotes Misproduction security & biometric weakness
From: Vulnerability Lab <research () vulnerability-lab com>
Date: Wed, 7 Feb 2018 12:22:14 +0100
Am 31.01.2018 um 17:21 schrieb Vulnerability Lab:
Hello Ben Tasker, sorry if the title of the issue did lead you to misunderstand the article. The currency is still secure. The title refers to the information used for the issue. In case it was misleading we will update it but you was the first who misunderstood the article by comments. "The weakness, the theory goes, is that someone could register a "fingerprint" in your system by using a banknote. This'd give them access whilst also meaning you didn't at least have a hash of their real fingerprint for forensics to find." This is correct. Also the problem that others can access with the same hologram into for exmaple the high protected area (mil & gov). "Another theory is that users might opt to use a banknote instead of their own fingerprint. I'm not quite sure what the likelihood of that is, in that it's not exactly convenient, and if you're concerned about privacy implications from a fingerprint scanner the best option is not to use it." What about, if the fingerprint of lenovo (bug disclosed parallel to us) is our european currency. Means the hardcoded fingerprints that published parallel is exactly what we refer to when we talk about a universal fingerprint. In the real life it is pretty easy to use it in large companies due to the registration and as well on entrance. Maybe you feel like the pratical interaction can not happen, we can confirm you from germany we was successful. The government disallowed us to register the fingerprint to the real system otherwise a compromise could not be excluded.
-- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: Banknotes Misproduction security & biometric weakness Ben Tasker (Feb 02)
- Re: Banknotes Misproduction security & biometric weakness InterN0T via Fulldisclosure (Feb 06)
- Message not available
- Re: Banknotes Misproduction security & biometric weakness Vulnerability Lab (Feb 07)
- Message not available
- Re: Banknotes Misproduction security & biometric weakness InterN0T via Fulldisclosure (Feb 06)
- Message not available
- Re: Banknotes Misproduction security & biometric weakness Vulnerability Lab (Feb 07)
- <Possible follow-ups>
- Re: Banknotes Misproduction security & biometric weakness Vulnerability Lab (Feb 07)