Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Hacking USB Thumbdrives, Thumprint authentication
From: "Craig Pringle" <craig () pringle net nz>
Date: Mon, 26 Jan 2004 16:45:37 +1300 (NZDT)

I suspect that this device would be vulnerable to Dr. Tsutomu Matsumoto's
"Gummy Finger" attack as described here (the article is talking about
defeating a different type of device, but the gummy finger bit probably

Dr. Matsumoto's full presentation is a good read on the subject and is
available here:http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf

(If you actually try this I would be interested to hear how you get on!)



I'm interested in research regarding hacking USB drives
unlocked with a thumbprint


Or any thumbprint biometric hacking.

Client is considering USB drives to offload laptop data
and at first glance seems like a better solution
than keeping sensitive data on laptops. Encryption software
on laptops requires more password management and software
hassles. The above device has no software drivers to install
so deployment headaches are minimized with (what seems) like
better security (obviously not maximum security) at low
deployment cost.

I'm guessing one can take the flash chip off the device
and plug into regular USB drive. Or rewrite the thumbprint hash.
Or hacks to fool the drivers. Or reverse engineer the
login program to always return "Yes".

mje () secev com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]