![]() Just as the “secure” credit card decrypters pipe plaintext bits out their serial ports, the wrong part of the fingerprint system is secured. The vulnerability is another instance of not checking the ends of a secure system. ![]() A fine example of attempted security through obscurity. The manufacturers commented admitting they were aware of the vulnerability, but that it was difficult enough that most people wouldn’t figure it out. This can be done with a very simple command from an opensource utility. This means all one has to do is send the correct signal and the stick happily discloses the data. The vulnerability lies in a fundamental design flaw: the signal to access the data comes from the PC, and is not computed on board the chip. ![]() Researches discovered this vulnerability in models from 9pay and A-Data fingerprint USB data sticks. You can just tell the device that the data is public. No need to go to great lengths to try to spoof finger print scanners on USB sticks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |