Vulnerability Development mailing list archives
RE: Hacking USB Thumbdrives, Thumprint authentication
From: <hugh_fraser () dofasco ca>
Date: Mon, 26 Jan 2004 12:21:44 -0500
Have a look at the paper called on fooling biometric scanners from the 4th Australian Information Warfare and IT Security Conference 2003. It talks about some weaknesses of fingerprint biometrics. It's at www.stdot.com/pub/ffs_article_asten_akaseva.pdf Realize that this doesn't discuss protocols or other software hacking. There are basic problems with thumbprint biometrics that offer much simpler ways to assume the identity of another person.
-----Original Message----- From: m e [mailto:mje () list intersec com] Sent: Sunday, January 25, 2004 12:31 AM To: vuln-dev () securityfocus com Subject: Hacking USB Thumbdrives, Thumprint authentication I'm interested in research regarding hacking USB drives unlocked with a thumbprint http://www.thumbdrive.com/prd_info.htm Or any thumbprint biometric hacking. Client is considering USB drives to offload laptop data and at first glance seems like a better solution than keeping sensitive data on laptops. Encryption software on laptops requires more password management and software hassles. The above device has no software drivers to install so deployment headaches are minimized with (what seems) like better security (obviously not maximum security) at low deployment cost. I'm guessing one can take the flash chip off the device and plug into regular USB drive. Or rewrite the thumbprint hash. Or hacks to fool the drivers. Or reverse engineer the login program to always return "Yes". Thanks, dreez mje () secev com
Current thread:
- Hacking USB Thumbdrives, Thumprint authentication m e (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Robin (Jan 26)
- RE: Hacking USB Thumbdrives, Thumprint authentication David Schwartz (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Robin (Jan 27)
- RE: Hacking USB Thumbdrives, Thumprint authentication David Schwartz (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Harlan Carvey (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Rev. Kronovohr (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Valdis . Kletnieks (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Jon McClintock (Jan 26)
- RE: Hacking USB Thumbdrives, Thumprint authentication Gavin S (Jan 28)
- <Possible follow-ups>
- RE: Hacking USB Thumbdrives, Thumprint authentication hugh_fraser (Jan 26)
- Re: Hacking USB Thumbdrives, Thumprint authentication Peter Gutmann (Jan 27)
- Re: Hacking USB Thumbdrives, Thumprint authentication Philip Stortz (Jan 29)
- Re: Hacking USB Thumbdrives, Thumprint authentication Robin (Jan 26)