Re: Hacking USB Thumbdrives, Thumprint authentication

["Craig Pringle" <craig () pringle net nz>]

I suspect that this device would be vulnerable to Dr. Tsutomu Matsumoto's
"Gummy Finger" attack as described here (the article is talking about
defeating a different type of device, but the gummy finger bit probably
applies):
http://www.bromba.com/knowhow/idm4vul.htm

Dr. Matsumoto's full presentation is a good read on the subject and is
available here:http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf

(If you actually try this I would be interested to hear how you get on!)

HTH,

Craig
> I'm interested in research regarding hacking USB drives
> unlocked with a thumbprint
>
> http://www.thumbdrive.com/prd_info.htm
>
> Or any thumbprint biometric hacking.
>
> Client is considering USB drives to offload laptop data
> and at first glance seems like a better solution
> than keeping sensitive data on laptops. Encryption software
> on laptops requires more password management and software
> hassles. The above device has no software drivers to install
> so deployment headaches are minimized with (what seems) like
> better security (obviously not maximum security) at low
> deployment cost.
>
> I'm guessing one can take the flash chip off the device
> and plug into regular USB drive. Or rewrite the thumbprint hash.
> Or hacks to fool the drivers. Or reverse engineer the
> login program to always return "Yes".
>
> Thanks,
> dreez
> mje () secev com
>
>
>
>
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------->
> +*




---------------------------------------------------------------------------
----------------------------------------------------------------------------