Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Hacking USB Thumbdrives, Thumprint authentication

From: "Atul Porwal" <atul_porwal () infosys com>
Date: Tue, 27 Jan 2004 20:53:14 +0530

I am even intersted in knowing any sploits for Flash drives...without Biometric Authentication (Only password 
Authentication)

Any Pointer

Cheers,
Atul


-----Original Message-----
From: m e [mailto:mje () list intersec com]
Sent: Sunday, January 25, 2004 11:01 AM
To: pen-test () securityfocus com
Subject: Hacking USB Thumbdrives, Thumprint authentication




I'm interested in research regarding hacking USB drives

unlocked with a thumbprint



http://www.thumbdrive.com/prd_info.htm



Or any thumbprint biometric hacking.



Client is considering USB drives to offload laptop data 

and at first glance seems like a better solution

than keeping sensitive data on laptops. Encryption software

on laptops requires more password management and software

hassles. The above device has no software drivers to install

so deployment headaches are minimized with (what seems) like

better security (obviously not maximum security) at low

deployment cost.



I'm guessing one can take the flash chip off the device

and plug into regular USB drive. Or rewrite the thumbprint hash.

Or hacks to fool the drivers. Or reverse engineer the

login program to always return "Yes".



Thanks,

dreez

mje () secev com










---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: