Careers & Certifications

06:40 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft's Fingerprint Reader Hacked

Microsoft's low-cost biometric device doesn't encrypt fingerprint images, leaving it open to hacking, a security researcher claimed. MS responds however that the tool was never designed to provide massive

Microsoft's Fingerprint Reader, a low-cost biometric device aimed at consumers, doesn't encrypt the fingerprint image, leaving it open to hacking, a security researcher claimed.

Finnish researcher Mikko Kiviharju, who presented his findings last week at Amsterdam's Black Hat Europe conference, laid out a scheme using "sniffers," hardware or software tools that intercept encrypted data, to fool the Fingerprint Reader.

Unlike more expensive biometric gear, Microsoft's reader is labeled only as a tool of "convenience." In fact, the Redmond, Wash.-based company spells it out in the opening of the product's Getting Started guide.

"The fingerprint reader is not a security feature and is intended to be used for convenience only. It should not be used to access corporate networks or to protect sensitive data, such as financial information," the guide reads.

Kiviharju, however, noted that the lack of encryption makes it possible to spoof a fingerprint, which would give an attacker access to a Windows account as well as password-protected Web sites. A phony fingertip isn't necessary, since the unencrypted data can be captured, then "replayed" to the computer, fooling it into thinking a real finger was pressed on the reader.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
12
Confessions Of A VMworld Virgin
Susan Fogarty, Editor in Chief,  8/22/2014
6
IT Certification's Top 10 Benefits
Global Knowledge, Global Knowledge,  8/20/2014
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed