Vulnerability Development: Re: Hacking USB Thumbdrives, Thumprint authentication

[Adeel Hussain <ad33lh () hotmail com>]

In-Reply-To: <002f01c3eab8$e6e03040$1400000a () bigdog>

I think many of you are hitting the nail on the head.  

Biometrics authenticate based on "something you are".  Biometrics fall down if the digital representation of what you 
are is available to a third party.  It's like giving your password to a company (or several companies) and still 
expecting it to be secure.

All it takes is a less than moral company, a security breach or internal threat to expose a company’s data and that 
could include the biometric data they have collected.  As biometrics get cheaper and more "out of the box" solutions 
are produced I think you will see allot of companies move to them because of the perceived security benefits.  With the 
more companies that use biometrics the greater the risk of data being exposed.

Think it is far fetched that your biometrics could be exposed?  From my personal experience I have been involved with 
two areas that used biometrics for identification.  Both were work related so I had a choice of use it or get a new 
job.  Another place that biometrics has been introduced is the US border.  Most people entering the US, who are not US 
citizens or citizens of exempt countries/groups, will have photo and fingerprint data collected.  Now my next 
questions, do you trust the US government to keep your data safe?  To use it appropriately? Do you trust most major 
corporations?  Where do you draw the biometric line and what are you willing to give up to protect "what you are"?

Adeel