Vulnerability Development mailing list archives
Re: Hacking USB Thumbdrives, Thumprint authentication
From: Philip Stortz <security.madscientist () earthlink net>
Date: Thu, 29 Jan 2004 02:52:23 -0600
it's easier than that, a researcher has shown that it's trivial to make a "fake" fingerprint work, he did the work several years ago and has since commented that with current technology it could be done in as little as a few hours. the really, really sad thing, in most cases you can lift the "authorized" fingerprint right off the fingerprint checker! if not it will still be on the device or nearby keyboard. check the cryptogram reprints, it's also an excellent list to subscribe to! the researcher had no problem even fooling readers that claim to be able to detect a "live" fingerprint, and explains how to fool other types of scanners that people may come up with. fingerprints are worthless for authentication, possibly worse than voice as the fingerprints that need to be faked are persistent on surfaces so that even the cleaning people could do it, not just someone who works in the same office during normal hours, and a private office offers no protection in this case. basically you lift the fingerprint, scan it, and reproduce it in the type of gelatin used to make gummy bears (could easily be done with gummy bears, and you could eat the evidence!). this worked for optical and conductive sensors, and would likely also work for capacitive sensors though you might have to dope it or adjust the moisture content. to make the gummy bear type gelatin finger, you make a reverse image with photolithography on a circuit board, which is the way hobbyists make them, and the supplies are widely available, and use that to form the fake "finger tip" with fingerprint. it's a scam, like many, many security technologies.
you're probably better off just putting them in a locking desk drawer, and i'm sure a lot of tech savvy people and students are smart enough to figure it out even if they haven't read the paper, and obviously there are many possible variations, hell, wax or any number of other things, and if they aren't conductive, making them so isn't a problem with conductive paint which again would probably make them fool capacitive or conductive sensors! note that in the original Japanese researcher's paper he was easily able to get nearly 100% recognition of his fake fingers. the methods in the previously mentioned Australian paper were primitive by comparison. normally, you'd just add your contrast (toner is actually excellent for this!), gently brush off the extra (it's easy, as a kid i had a toy fingerprint kit), and then apply a piece of scotch tape. this tape can then be put directly on the surface of a scanner (clean the glass afterwards) and scan at the correct scale and a very high resolution. typically touch up isn't even necessary though it might help on the tricky ones. also some of the countermeasures they suggest would not be workable, a pressed finger has little pulse (particularly in some people) and i don't think you can measure blood sugar or pulse except by transmission of a beam through it which would make things more bulky, and putting a thin fake fingerprint over your finger would still work. testing for sugar could certainly be fooled just by adding a trace of sugar to the fake finger, and pulse by gently and rhythmically pressing on it. i'd really recommend the original paper, sorry i don't have the link handy. also the originally used gelatin which is more like that used in "gummy bears" is far thicker and more tolerant to room temperature and handling (apparently common in japan, and likely Japanese food stores, or from gummy bears in a pinch), you could make a thin one and glue it to your finger and most wouldn't notice it without taking a close look.
in fact, since the circuit board is made by photolithography you could use the tape directly on the sensitized pc board, but sticking it to a transparency and scanning it gives you more than one chance and it's a lot easier to carry the print on tape if it's stuck to something, something clear in this case. note also that in this case, unlike cracking the case on the thumb drive, the culprit can not only read the data but is also free to modify it! this could be even more serious than a third party having the data if it were done in a subtle way that would cause later embarrassment or if it's a design for something it could completely derail a project and make it very hard to recover the original correct data, etc. if there's any code on it they could even conceivably introduce a virus that gave them access over the web or internal network to everything on the machine and thumb drive. the military has decided long, long ago that the only "secure" biometric system is retina prints, because no one can see or photograph those other than your ophthalmologist or someone else who has your consent or can look INTO your eyes and photograph the blood vessels in the retina which of course is normally not visible to the outside world. have you seen "gattaca"? fingerprints are a lot easier, and retina scans are simply impractical for most applications until the equipment becomes a lot cheaper (though i doubt you could fake those with a real eye, with a glass eye you could, but not cheaply). finally, it's silly to use fingerprints in addition to other measures, they just don't add that much for the cost involved.

m e wrote:
I'm interested in research regarding hacking USB drives unlocked with a thumbprint