Careers & Certifications

06:40 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft's Fingerprint Reader Hacked

Microsoft's low-cost biometric device doesn't encrypt fingerprint images, leaving it open to hacking, a security researcher claimed. MS responds however that the tool was never designed to provide massive

"With no crypto, one will not even need a gelatin finger," he said in his presentation notes.

Microsoft licenses the underlying technology for its reader from Redwood City, Calif.-based Digital Persona; that company's U.are.U 4000 reader does encrypt image data.

But sans encryption, Kiviharju said, Microsoft's implementation of Digital Persona's technology exposes some of the latter's security methods to hackers.

"MSFR unencryption reveals some anti-forgery strategies used by Digital Persona elsewhere," said Kiviharju in an accompanying white paper. Among them: Digital Persona's use of a checksum.

Vance Bjorn, Digital Persona's chief technology officer, denied that any sensitive information about the technology had been disclosed to potential attackers by Microsoft's lack of encryption.

Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
Hot Topics
6
8 Gotchas Of Technology Contracting
Craig Auge, Partner, Vorys,  7/17/2014
3
Cisco DevNet Focuses On Developers
Marcia Savage, Managing Editor, Network Computing,  7/21/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
Video
Slideshows
Twitter Feed