Penetration Testing mailing list archives
Re: Hacking USB Thumbdrives, Thumprint authentication
From: Walter Williams <wbjw () mindspring com>
Date: Mon, 26 Jan 2004 21:42:04 -0500
You will want to verify that the thumbprint is not only hashed, but morphed either before or after the hash. This way there is the ability to periodically change the recording of the thumbprint such as you would change your password, and for many of the same reasons: if the morph changes every 30 days, the person who has stollen the hash for cracking has some random subset of that in which that hash is good. Most comercial grade biometric devices can't do this, and hacking a thumb print is rather easy, if you have physical access to the person (and therefor the laptop). Requires social engineering skills, that's all. Walter m e wrote:
I'm interested in research regarding hacking USB drives unlocked with a thumbprint http://www.thumbdrive.com/prd_info.htm Or any thumbprint biometric hacking.Client is considering USB drives to offload laptop data and at first glance seems like a better solutionthan keeping sensitive data on laptops. Encryption software on laptops requires more password management and software hassles. The above device has no software drivers to install so deployment headaches are minimized with (what seems) like better security (obviously not maximum security) at low deployment cost. I'm guessing one can take the flash chip off the device and plug into regular USB drive. Or rewrite the thumbprint hash. Or hacks to fool the drivers. Or reverse engineer the login program to always return "Yes". Thanks, dreez mje () secev com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Hacking USB Thumbdrives, Thumprint authentication m e (Jan 25)
- Re: Hacking USB Thumbdrives, Thumprint authentication Craig Pringle (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Job de Haas (Jan 26)
- RE: Hacking USB Thumbdrives, Thumprint authentication John Deatherage (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Walter Williams (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Rob Shein (Jan 27)
- <Possible follow-ups>
- RE: Hacking USB Thumbdrives, Thumprint authentication Deras, Angel R./Information Systems (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Volker Tanger (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Rob Shein (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Jerry Shenk (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Atul Porwal (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Herbold, John W. (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 28)
(Thread continues...)