March 06, 2006
Microsoft's Fingerprint reader device can be hacked
Microsoft's Fingerprint reader should not be used, but not for the reasons in this article.
http://www.infoworld.com/article/06/03/06/76157_HNfingerhack_1.html
A year or so ago, I bought a Microsoft keyboard with the integrated fingerprint reader and installed it on my wife's computer in the kitchen. I was interested in how well it did its job.
As the article above points out, Microsoft recommends that you DO NOT use this device for security. Instead, it should only be used for convenience. This has bothered me from the start.
First, when I originally bought the keyboard, the "recommendation" was buried on page 12 of the written manual after you bought it and accepted the EULA. I believe now they publicize it more.
But it's exactly the convenience vs. security issue that bugs me.
You can't use Microsoft's fingerprint device to log on to a computer or network. The software only loads after you log on. It is mostly used so that people, when prompted at a web site for logon credentials, can simply use the fingerprint scanner instead.
During a previous logon to the web site, the user "trains" the fingerprint scanner and it then knows that when you go to that particular web site's logon screen, you can use your fingerprint instead. The fingerprint device scans your fingerprint, and then auto-types in the logon credentials that the user would normally type in manually.
This isn't convenience. This is security. Just because Microsoft says don't use the fingerprint scanner as a security device, I have a hard time believing people aren't. Matter of fact, I have an even harder time thinking of an instance of pure convenience that really isn't a security issue.
Is it a convenience issue if I don't care that much about my logon security?
On a related note, the constantly scanning red "laser beam" of the fingerprint scanner began to bother people in the house. Like a portrait painting where the woman or man's eyes follow you around the room no matter where you go, the red laser beam seemed to always catch people right in the eye. I think I almost had a seizure once. My wife took to covering it up with a yellow sticky note when not in use (maybe a little plastic cover would help), but after the whole security vs. convenience issue, we just unloaded the software that enabled the fingerprint reader part of the keyboard.
Posted by Roger Grimes on March 6, 2006 05:06 PM