• 03/07/2006
    6:40 PM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Microsoft's Fingerprint Reader Hacked

Microsoft's low-cost biometric device doesn't encrypt fingerprint images, leaving it open to hacking, a security researcher claimed. MS responds however that the tool was never designed to provide massive

"With no crypto, one will not even need a gelatin finger," he said in his presentation notes.

Microsoft licenses the underlying technology for its reader from Redwood City, Calif.-based Digital Persona; that company's U.are.U 4000 reader does encrypt image data.

But sans encryption, Kiviharju said, Microsoft's implementation of Digital Persona's technology exposes some of the latter's security methods to hackers.

"MSFR unencryption reveals some anti-forgery strategies used by Digital Persona elsewhere," said Kiviharju in an accompanying white paper. Among them: Digital Persona's use of a checksum.

Vance Bjorn, Digital Persona's chief technology officer, denied that any sensitive information about the technology had been disclosed to potential attackers by Microsoft's lack of encryption.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments