Penetration Testing mailing list archives
Re: Hacking USB Thumbdrives, Thumprint authentication
From: m e <mje () list intersec com>
Date: 28 Jan 2004 00:11:43 -0000
In-Reply-To: <20040127093134.79083dea.volker.tanger () discon de> Excellent! I'm trying it on mine but can't get it to kick in. What causes the reader to take a reading? Temperature, lack of light? My reader will wait until it "senses" a thumb is on the drive. Not sure what it is trying to "sense". Thanks for the suggestion!
Greetings! On Mon, 26 Jan 2004 14:43:12 -0500 "Deras, Angel R./Information Systems" <derasa () MSKCC ORG> wrote:When we investigated fingerprinting products, two colleagues cracked the system by using a paper photocopy of a finger.There's an even less technical approach presented ~ a year ago by the German c't magazine (http://www.heise.de/ct/02/11/114/default.shtml), that worked with a surprising number of the fingerprint readers: first you clean the reader (with a bit of wet/soapy cloth) and wait for a user to authenticate. After he left, you simply login by aspirating against the reader... Probable explanation: each finger pressed against the reader lets some greasy residue left behind - in the form of a fingerprint. By aspirating water vapor condenses (preferrably) at the non-greasy parts (fat and water don't mix) - in the form of a valid fingerprint. Warm breath seems to confirm the life detection - et volia! Scary - but seemed to be sufficient for a number of devices... :-( Volker Tanger ITK-Security --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Hacking USB Thumbdrives, Thumprint authentication, (continued)
- RE: Hacking USB Thumbdrives, Thumprint authentication Deras, Angel R./Information Systems (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Volker Tanger (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Rob Shein (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Jerry Shenk (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Atul Porwal (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication Herbold, John W. (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 28)
- Re: Hacking USB Thumbdrives, Thumprint authentication Meritt James (Jan 29)
- Re: Hacking USB Thumbdrives, Thumprint authentication m e (Jan 28)
- RE: Hacking USB Thumbdrives, Thumprint authentication Deras, Angel R./Information Systems (Jan 26)