RE: Hacking USB Thumbdrives, Thumprint authentication

[<hugh_fraser () dofasco ca>]

Have a look at the paper called on fooling biometric scanners from the
4th Australian Information Warfare and IT Security Conference 2003. It
talks about some weaknesses of fingerprint biometrics. It's at
www.stdot.com/pub/ffs_article_asten_akaseva.pdf 

Realize that this doesn't discuss protocols or other software hacking.
There are basic problems with thumbprint biometrics that offer much
simpler ways to assume the identity of another person.

> -----Original Message-----
> From: m e [mailto:mje () list intersec com] 
> Sent: Sunday, January 25, 2004 12:31 AM
> To: vuln-dev () securityfocus com
> Subject: Hacking USB Thumbdrives, Thumprint authentication
>
>
>
>
>
>
> I'm interested in research regarding hacking USB drives
>
> unlocked with a thumbprint
>
>
>
> http://www.thumbdrive.com/prd_info.htm
>
>
>
> Or any thumbprint biometric hacking.
>
>
>
> Client is considering USB drives to offload laptop data 
>
> and at first glance seems like a better solution
>
> than keeping sensitive data on laptops. Encryption software
>
> on laptops requires more password management and software
>
> hassles. The above device has no software drivers to install
>
> so deployment headaches are minimized with (what seems) like
>
> better security (obviously not maximum security) at low
>
> deployment cost.
>
>
>
> I'm guessing one can take the flash chip off the device
>
> and plug into regular USB drive. Or rewrite the thumbprint hash.
>
> Or hacks to fool the drivers. Or reverse engineer the
>
> login program to always return "Yes".
>
>
>
> Thanks,
>
> dreez
>
> mje () secev com