the blog of david dean » fingerprint

Problems with Microsoft Fingerprint Reader

David Dean — Wed, 08 Mar 2006 02:09:21 +0000

Apparently the Microsoft Fingerprint Reader transmits the fingerprint images to the computer un-encrypted. Which is interesting because the technology it is licensed from has encryption built in, Microsoft apparently has just turned it off. Personally I don’t think it is a big deal anyway, as you could just lift a fingerprint from the reader anyway.

Digital Persona would not comment on why Microsoft may have turned off the product’s encryption capabilities, but one company official said that this decision is unlikely to affect the security of its users.

“The fact that they turned the encryption off, I would argue, does not in a practical sense open up any security holes,” says Chief Technology Officer Vance Bjorn. “Even with the encryption off, you’re going to have to basically have physical access to the person’s machine to crack into it.”

I agree with him, but only because I think fingerprint readers are useless even with encryption. But, isn’t stopping people with physical access to your computer the entire point of a fingerprint reader.

Link. [thanks Engadget]

Multifinger biometrics

David Dean — Thu, 30 Jun 2005 17:36:00 +0000

jkOnTheRun points to BiometricPIN system, which improves upon existing single-fingerprint readers by jointly recognising a number of fingers and the sequence that they are tapped in. This should reduce the spoofability of your biometrics, but I’m not sure it is a complete solution.

Bloggers vs Locks

David Dean — Thu, 19 May 2005 18:41:00 +0000

You’d thing the blogosphere was out to get lock makers, but seeing as how pointing out flaws in products designed to provide security is a good thing, I’m OK with it.

You may remember that you can use a bic pen to open bicycle locks, well now you can use a small roll of cardboard to open laptop locks (7.5 MB video link).

On another security related issue, here is a short how-to on faking fingerprints, also found on boing boing. The don’t seem to go on to actually test their fake fingerprint however, so Dan’s still got them beat.

OS Independent Fingerprint USB flash drive

David Dean — Thu, 06 Jan 2005 18:16:41 +0000

I don’t normally write about fingerprint devices for the consumer market, because they don’t interest me, and I’m not sure I trust my data to biometrics only. However, SecureID has pointed me to an interesting development of a drive that protects your data with a fingerprint, but does not require client software to be installed to get at that data (as I understand it).