Why is Microsoft Fingerprint Reader not safe

Do not say goodbye to passwords yet: the Microsoft Fingerprint Reader lacks basic security features.

The Microsoft Fingerprint Reader's optical scanner does not encrypt the fingerprint image while transferring it to the computer.

The unencrypted user fingerprint image could be stolen using sniffers that monitor such traffic.

Once the fingerprint image has been sniffed, attackers could use it to make it appear as if the victim were authenticating to a PC or a Web site using the Fingerprint Reader.

This fingerprint-theft security hole was first reported by Mikko Kiviharju at a recent Black Hat Europe conference.

Microsoft also recommends using a password instead of the Fingerprint Reader for protecting sensitive data such as financial information or for accessing corporate networks.



Download Mikko Kiviharju paper

Source: Researcher hacks Microsoft Fingerprint Reader

Find this article at: http://labnol.blogspot.com/2006/03/why-is-microsoft-fingerprint-reader.html

web: http://www.labnol.org/ email: amit@labnol.org

Reader Comments

Interesting note about the unencrypted image. But if you're using DigitalPersona Password Manager 2.0, the fingerprint image coming from the reader is encrypted.

..and someone needs physical access to your PC (with another PC) to exploit this hack.

If someone gets physical access to your home PC, with or without a fingerprint reader, it is game over in any case.

Storm in a teacup really - a bit like saying your driver's license can be stolen if you are incapacitated during a car crash.
