Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Hacking USB Thumbdrives, Thumprint authentication
From: m e <mje () list intersec com>
Date: 28 Jan 2004 00:11:43 -0000

In-Reply-To: <20040127093134.79083dea.volker.tanger () discon de>

Excellent! I'm trying it on mine but can't get it to
kick in.

What causes the reader to take a reading? Temperature, lack 
of light? My reader will wait until it "senses" a thumb
is on the drive. Not sure what it is trying to "sense".

Thanks for the suggestion!


Greetings!

On Mon, 26 Jan 2004 14:43:12 -0500 "Deras, Angel R./Information Systems"
<derasa () MSKCC ORG> wrote:
When we investigated fingerprinting products, two colleagues cracked
the system by using a paper photocopy of a finger.  

There's an even less technical approach presented ~ a year ago by the
German c't magazine (http://www.heise.de/ct/02/11/114/default.shtml),
that worked with a surprising number of the fingerprint readers: first
you clean the reader (with a bit of wet/soapy cloth) and wait for a user
to authenticate. After he left, you simply login by aspirating against
the reader...

Probable explanation: each finger pressed against the reader lets some
greasy residue left behind - in the form of a fingerprint. By aspirating
water vapor condenses (preferrably) at the non-greasy parts (fat and
water don't mix) - in the form of a valid fingerprint. Warm breath seems
to confirm the life detection - et volia!

Scary - but seemed to be sufficient for a number of devices...
:-(

Volker Tanger
ITK-Security

---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]