Re: SecureIDE with Fingerprint Reader: Email from company..
From: nemo outis (outis_at_erewhon.com)
Date: Fri, 12 Nov 2004 00:19:03 GMT
In article <2ECkd.3310$IQ.email@example.com>, "ChaosBlizzard" <ChaosBlizzard@no_spam_*hotmail*.com> wrote:
>Is he right about fingerprint's being so easy to bypass?
>He obviously wants a response.. So I will see what anyone here would like to
Yes, fingerprint IDing is (often) easy to bypass.
Aside from the brute force (but still very effective)
method of faking the fingerprint itself there is another
Most fingerprint readers use astoundingly primitive technology.
For instance, many are USB but there is NO authentication of the
fingerprint reader to the computer or vice versa. Moreover, the
communication channel is usually not encrypted - you need only
learn the transmission format.
This leads to all the standard exploits, such as MITM, replay,