Vulnerability Development mailing list archives
Re: Hacking USB Thumbdrives, Thumprint authentication
From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 26 Jan 2004 08:40:42 -0800 (PST)
There were some articles on SF a bit ago, referring to the use of household kitchen items (gummy bears) to "fool" the thumbprint biometric devices. My own research about 2 yrs ago showed that while the thumbprint scanners worked well for local authentication, they did nothing to protect a system from being contacted remotely. If a weak admin (or any user, for that matter) password is in place, then the biometric does no good whatsoever. Also, there are ways to cause the biometric device to "malfunction", to the point that the user is frustrated. For instance, unseat the connection to the back of the machine, or break off a pin, or put a smug on the reader...these will cause enough problems with the device that the user will grow tired of dealing with it. Remember, the thumbprint biometric scanners are not so much for security, but more for convenience...users don't often forget their thumbs, whereas they may forget a password.
I'm interested in research regarding hacking USB drives unlocked with a thumbprint http://www.thumbdrive.com/prd_info.htm Or any thumbprint biometric hacking. Client is considering USB drives to offload laptop data and at first glance seems like a better solution than keeping sensitive data on laptops. Encryption software on laptops requires more password management and software hassles. The above device has no software drivers to install so deployment headaches are minimized with (what seems) like better security (obviously not maximum security) at low deployment cost. I'm guessing one can take the flash chip off the device and plug into regular USB drive. Or rewrite the thumbprint hash. Or hacks to fool the drivers. Or reverse engineer the login program to always return "Yes". Thanks, dreez mje () secev com
Current thread:
- Hacking USB Thumbdrives, Thumprint authentication m e (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Robin (Jan 26)
- RE: Hacking USB Thumbdrives, Thumprint authentication David Schwartz (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Robin (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication David Schwartz (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Harlan Carvey (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Rev. Kronovohr (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Valdis . Kletnieks (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Jon McClintock (Jan 26)
- RE: Hacking USB Thumbdrives, Thumprint authentication Gavin S (Jan 28)
- <Possible follow-ups>
- RE: Hacking USB Thumbdrives, Thumprint authentication hugh_fraser (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Peter Gutmann (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Philip Stortz (Jan 29)
- Re: Hacking USB Thumbdrives, Thumprint authentication Robin (Jan 26)