Re: Hacking USB Thumbdrives, Thumprint authentication

[m e <mje () list intersec com>]

In-Reply-To: <20040127093134.79083dea.volker.tanger () discon de>

Excellent! I'm trying it on mine but can't get it to
kick in.

What causes the reader to take a reading? Temperature, lack 
of light? My reader will wait until it "senses" a thumb
is on the drive. Not sure what it is trying to "sense".

Thanks for the suggestion!


> Greetings!
>
> On Mon, 26 Jan 2004 14:43:12 -0500 "Deras, Angel R./Information Systems"
> <derasa () MSKCC ORG> wrote:
> > When we investigated fingerprinting products, two colleagues cracked
> > the system by using a paper photocopy of a finger.  
>
> There's an even less technical approach presented ~ a year ago by the
> German c't magazine (http://www.heise.de/ct/02/11/114/default.shtml),
> that worked with a surprising number of the fingerprint readers: first
> you clean the reader (with a bit of wet/soapy cloth) and wait for a user
> to authenticate. After he left, you simply login by aspirating against
> the reader...
>
> Probable explanation: each finger pressed against the reader lets some
> greasy residue left behind - in the form of a fingerprint. By aspirating
> water vapor condenses (preferrably) at the non-greasy parts (fat and
> water don't mix) - in the form of a valid fingerprint. Warm breath seems
> to confirm the life detection - et volia!
>
> Scary - but seemed to be sufficient for a number of devices...
> :-(
>
> Volker Tanger
> ITK-Security
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------