Hacking Fingerprint Scanners - Why Microsoft'S Fingerprint Reader Is Not A Security Feature
No ratings
Presented at Blackhat Europe 2006 by
In this paper we describe the findings from the tests performed with Microsoft Fingerprint Reader. In the driver installation files Microsoft warns against using this product as a security device, but does not explain why. The tests indicate twofold reasons: the lack of online encryption between the MSFR device and the corresponding drivers, and the optical nature of the scanner, which seems to allow duplicated fingers with little effort. Because of the lack of encryption and the use of third party hardware, the MSFR testing also revealed a fingerprint image forgery prevention mechanism present in the third party hardware, and opens up another replay attack along with fake fingers. We also present a key management omission in Griaule SDK‚s biometric information encryption.