Penetration Testing mailing list archives
Re: Hacking USB Thumbdrives, Thumprint authentication
From: "Craig Pringle" <craig () pringle net nz>
Date: Mon, 26 Jan 2004 16:45:37 +1300 (NZDT)
I suspect that this device would be vulnerable to Dr. Tsutomu Matsumoto's "Gummy Finger" attack as described here (the article is talking about defeating a different type of device, but the gummy finger bit probably applies): http://www.bromba.com/knowhow/idm4vul.htm Dr. Matsumoto's full presentation is a good read on the subject and is available here:http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf (If you actually try this I would be interested to hear how you get on!) HTH, Craig
I'm interested in research regarding hacking USB drives unlocked with a thumbprint http://www.thumbdrive.com/prd_info.htm Or any thumbprint biometric hacking. Client is considering USB drives to offload laptop data and at first glance seems like a better solution than keeping sensitive data on laptops. Encryption software on laptops requires more password management and software hassles. The above device has no software drivers to install so deployment headaches are minimized with (what seems) like better security (obviously not maximum security) at low deployment cost. I'm guessing one can take the flash chip off the device and plug into regular USB drive. Or rewrite the thumbprint hash. Or hacks to fool the drivers. Or reverse engineer the login program to always return "Yes". Thanks, dreez mje () secev com --------------------------------------------------------------------------- ----------------------------------------------------------------------------> +*
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Hacking USB Thumbdrives, Thumprint authentication m e (Jan 25)
- Re: Hacking USB Thumbdrives, Thumprint authentication Craig Pringle (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Job de Haas (Jan 26)
- RE: Hacking USB Thumbdrives, Thumprint authentication John Deatherage (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Walter Williams (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Rob Shein (Jan 27)
- <Possible follow-ups>
- RE: Hacking USB Thumbdrives, Thumprint authentication Deras, Angel R./Information Systems (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Volker Tanger (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Rob Shein (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Jerry Shenk (Jan 27)
(Thread continues...)