From: Craig Pringle (craig@pringle.net.nz)
Date: Sun Jan 25 2004 - 22:45:37 EST
I suspect that this device would be vulnerable to Dr. Tsutomu Matsumoto's
"Gummy Finger" attack as described here (the article is talking about
defeating a different type of device, but the gummy finger bit probably
applies):
http://www.bromba.com/knowhow/idm4vul.htm
Dr. Matsumoto's full presentation is a good read on the subject and is
available here:http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf
(If you actually try this I would be interested to hear how you get on!)
HTH,
Craig
>
>
> I'm interested in research regarding hacking USB drives
> unlocked with a thumbprint
>
> http://www.thumbdrive.com/prd_info.htm
>
> Or any thumbprint biometric hacking.
>
> Client is considering USB drives to offload laptop data
> and at first glance seems like a better solution
> than keeping sensitive data on laptops. Encryption software
> on laptops requires more password management and software
> hassles. The above device has no software drivers to install
> so deployment headaches are minimized with (what seems) like
> better security (obviously not maximum security) at low
> deployment cost.
>
> I'm guessing one can take the flash chip off the device
> and plug into regular USB drive. Or rewrite the thumbprint hash.
> Or hacks to fool the drivers. Or reverse engineer the
> login program to always return "Yes".
>
> Thanks,
> dreez
> mje@secev.com
>
>
>
>
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------->
> +*
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT