Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Microsoft

Microsoft

Finnish Researcher Shows How to Hack Microsoft Fingerprint Reader

The company chose not to encrypt the scanned image

By Tudor Raiciu, Technology and Science Editor

7th of March 2006, 12:33 GMT

Adjust text size:


Despite Microsoft's efforts to give users a better security for the IT&C environment, it seems that there are some misunderstandings in Redmond; otherwise it's hard to understand why the company chooses to provide hackers with the right tool for their operations.

This time it's not about the Windows operating system or any other software product, the culprit
being a hardware device.

According to PC World, a Finnish security researcher was intrigued that Microsoft warns its users about Fingerprint Reader, a device which eases the authentication procedure. The company says that the device should not be used to protect confidential data, but for convenience.

In a report presented last week at the Black Hat Europe conference, the event which reunites hackers and security professionals, Mikko Kiviharju shows how hackers can get their hands on the image scanned by the device.

Although a potential attacker needs to have a good knowledge about security in order to steal the user's fingerprint, Microsoft's decision to prevent its clients from feeling completely secure is strange, to say the least, especially since protecting the image is not a difficult task.

As Mikko Kiviharju explains, Microsoft doesn't encrypt the image scanned by the Fingerprint Reader creating in this way an exploitable vulnerability. The Finnish researcher also says that the procedure to encrypt the image is rather simple for Microsoft, only a few firmware modifications being required.
Read by 4,502 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Fair (2.8/5) 6 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Drag-And-Drop Flaw Spotted in Internet Explorer

Microsoft Redefines the Computer and Reduces It to the Motherboard

Microsoft Out to Steal Apple's Thunder?

Windows Live Expo, Microsoft's Response to Google Base, Available to All Users

The Eolas Lawsuit Forces Microsoft to Release Update for IE6

Microsoft opens office in Bosnia, hoping to cut down piracy

Windows Vista Will Be Backdoor Free

User opinions:


Comment #1 by: asdf on 30 Mar 2008, 06:48 GMT reply to this comment

they dont encrypt because they know that there are plenty of other insecure ways to hack the device, encryption would send the message that the device is more secure than it really is. for example web passwords stored on any machine are rarely more secure than logging on, and this is much less secure--there is no easy way to encrypt data with a fingerprint scan so any critical information is on the hard disk and can be extracted. until the fingerprint scan can encrypt data, and have high certainty of being fooled by antother finger etc it is simply a novelty, small effort to circumvent

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive