USB Fingerprint Security Not That Secure After All

Biometrics is supposed to be the next big thing when it comes to personal security. After all, it operates on fingerprints and other characteristics that are unique to you, so it’s foolproof, right?

Apparently not, Slashdot reports. What’s worse, some products that use this technology have been found to be easy to bypass, rendering the so-called protection completely useless.

Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. In their tests, heise Security found that it is easy to bypass the authentication and get access to the protected data. This works by sending a single USB command, using the open source tool PLscsi, that changes the accessible partition. They found the vulnerability in several USB sticks that use the same chipset. The article concludes: ‘The fingerprint sensors in the products mentioned above apparently only serve one purpose: they mislead interested buyers. They do not provide any significant level of protection. We can only recommend that these products not be purchased.

Those in the software security industry will tell you that one of the biggest problems that they face is that their field is mostly reactive. What’s so bad about reacting to a vulnerability such as this one? They have to wait for the problem to occur first. There’s very little that can be done in terms of being proactive about it.

Fortunately, there are several third-party groups that perform independent testing of security products. In cases such as this, product-makers should do what Microsoft does: acknowledge the issue and address it. Considering all the technology involved, security in the digital age is certainly proving to be quite a classic tug of war.

Source: Slashdot

Short URL: http://gadget.ca/0v2