
Microsoft's Fingerprint Reader Hacked

Microsoft's low-cost biometric device doesn't encrypt fingerprint images, leaving it open to hacking, a security researcher claimed. Microsoft responds, however, that the tool was never designed to provide massive

Microsoft's Fingerprint Reader, a low-cost biometric device aimed at consumers, doesn't encrypt the fingerprint image, leaving it open to hacking, a security researcher claimed.

Finnish researcher Mikko Kiviharju, who presented his findings last week at Amsterdam's Black Hat Europe conference, laid out a scheme using "sniffers," hardware or software tools that intercept encrypted data, to fool the Fingerprint Reader.

Unlike more expensive biometric gear, Microsoft's reader is labeled only as a tool of "convenience." In fact, the Redmond, Wash.-based company spells it out in the opening of the product's Getting Started guide.

"The fingerprint reader is not a security feature and is intended to be used for convenience only. It should not be used to access corporate networks or to protect sensitive data, such as financial information," the guide reads.

Kiviharju, however, noted that the lack of encryption makes it possible to spoof a fingerprint, which would give an attacker access to a Windows account as well as password-protected Web sites. A phony fingertip isn't necessary, since the unencrypted data can be captured, then "replayed" to the computer, fooling it into thinking a real finger was pressed on the reader.
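The capture-and-replay weakness described above comes down to the host accepting any frame that looks right, with no proof that it is fresh. The following is an added example, not code from the article, the researcher, or Microsoft's driver: it contrasts a host that accepts raw frames with one that binds each scan to a one-time challenge using an HMAC. The key provisioning, the function and class names, and the byte-for-byte comparison standing in for a real fuzzy fingerprint matcher are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample: stand-in bytes for a fingerprint image, not real sensor output.
SAMPLE_IMAGE = bytes(range(64))
# Hypothetical key provisioned in both the reader and the host driver.
DEVICE_KEY = secrets.token_bytes(32)

def plain_host_accepts(frame: bytes, enrolled: bytes) -> bool:
    """Host with no channel protection: any frame matching the enrolled image passes."""
    return hmac.compare_digest(frame, enrolled)

class Host:
    """Host that issues a one-time challenge per scan and checks an HMAC tag bound to it."""

    def __init__(self, key: bytes, enrolled: bytes):
        self.key, self.enrolled, self.pending = key, enrolled, None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def accepts(self, frame: bytes, tag: bytes) -> bool:
        nonce, self.pending = self.pending, None  # each challenge is single-use
        if nonce is None:
            return False
        expected = hmac.new(self.key, nonce + frame, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected) and hmac.compare_digest(frame, self.enrolled)

def reader_respond(key: bytes, nonce: bytes, frame: bytes) -> bytes:
    """Reader side: tag the scanned frame together with the host's nonce."""
    return hmac.new(key, nonce + frame, hashlib.sha256).digest()

def demo() -> dict:
    host = Host(DEVICE_KEY, SAMPLE_IMAGE)
    # Legitimate scan: the frame and tag cross the bus, where a sniffer can record them.
    nonce = host.challenge()
    recorded = (SAMPLE_IMAGE, reader_respond(DEVICE_KEY, nonce, SAMPLE_IMAGE))
    live_ok = host.accepts(*recorded)
    # Later login attempt: the host issues a fresh nonce, so the recorded tag no longer verifies.
    host.challenge()
    replay_ok = host.accepts(*recorded)
    return {"plain_replay": plain_host_accepts(recorded[0], SAMPLE_IMAGE),
            "live": live_ok, "replay": replay_ok}

if __name__ == "__main__":
    print(demo())
```

Encrypting the frame with a fixed key would not change the first result, because a recorded ciphertext replays just as well as a recorded image; the per-scan nonce is what makes the recording stale.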
