Penetration Testing mailing list archives
Re: Hacking USB Thumbdrives, Thumprint authentication
From: "Volker Tanger" <volker.tanger () discon de>
Date: Tue, 27 Jan 2004 09:31:34 +0100
Greetings! On Mon, 26 Jan 2004 14:43:12 -0500 "Deras, Angel R./Information Systems" <derasa () MSKCC ORG> wrote:
When we investigated fingerprinting products, two colleagues cracked the system by using a paper photocopy of a finger.
There's an even less technical approach presented ~ a year ago by the German c't magazine (http://www.heise.de/ct/02/11/114/default.shtml), that worked with a surprising number of the fingerprint readers: first you clean the reader (with a bit of wet/soapy cloth) and wait for a user to authenticate. After he left, you simply login by aspirating against the reader... Probable explanation: each finger pressed against the reader lets some greasy residue left behind - in the form of a fingerprint. By aspirating water vapor condenses (preferrably) at the non-greasy parts (fat and water don't mix) - in the form of a valid fingerprint. Warm breath seems to confirm the life detection - et volia! Scary - but seemed to be sufficient for a number of devices... :-( Volker Tanger ITK-Security --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Hacking USB Thumbdrives, Thumprint authentication m e (Jan 25)
- Re: Hacking USB Thumbdrives, Thumprint authentication Craig Pringle (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Job de Haas (Jan 26)
- RE: Hacking USB Thumbdrives, Thumprint authentication John Deatherage (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Walter Williams (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Rob Shein (Jan 27)
- <Possible follow-ups>
- RE: Hacking USB Thumbdrives, Thumprint authentication Deras, Angel R./Information Systems (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Volker Tanger (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Rob Shein (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Jerry Shenk (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Atul Porwal (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Herbold, John W. (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 28)
- Re: Hacking USB Thumbdrives, Thumprint authentication Meritt James (Jan 29)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 28)