The Long Dark Tech-Time of the Soul

This is a technology focused blog that describes my trials and tribulations with techonlogy which, no matter what brave new world is promised to be just around the corner, nearly always fails to live up to expectations.

Wednesday, September 08, 2004

Fingerprints

Okay I swear it was pure coincidence that today Microsoft launched a new standalone fingerprint scanner and a keyboard with integrated scanner in it. Part of the reason that fingerprints have any security associated with them at all is because they are rare at the moment. When fingerprint scanners become ubiquitous and widely accepted as "secure" any percieved security will go out of the window. Just go search Google for "gummy fingers" or read this article on how to make them.

Remember that when ever you offer up your finger to be scanned whoever is scanning the finger can then print and make a copy of your finger. Trojan horse scanners will be able to collect scads of prints, as will anyone with ready access to freshly printed materials. So the next time you're in Starbucks surfing the web by WiFi make sure you wipe down that coffee cup before its taken away. And you'd better clean off your cutlery at the local web cafe before it goes back to the kitchen - the manager or bus boy might just be making a nice big collection of prints to use for his retirement. This would be especially true if you're someone famous - such prints will soon become widely collected and disseminated.

Also remember that if you've ever entered this country on a visa waiver, have a green card, hold a drivers license in some states, or have ever gone "down town" for whatever reason, then your fingerprint is most definitely in the hands of the authorities. Believe me, if you PC is using a fingerprint scanner it will make hacking into it a whole lot easier when they come to install monitor software on it...

Finally, for those who might be going off to buy that nighty USB key that stores all your passwords, think about this: just be sure that every computer you ever plug it into has never been compromised. If not it may just be sucking every password off that device as soon as you plug it in - along with your master password. Oh sure you trust your computers, and your friends, and the web cafe. Really? Have you never suffered from a computer virus or adware? Do you know ever piece of software on your system and that it has no backdoors, intentional or otherwise in it? An what about the operating system? Does it really have no bugs that would let someone grab passwords as they are typed or feed to your browser?

I didn't think so.

Caveat emptor!

posted by Blog Gently @ 9/08/2004 05:25:00 PM 

1 Comments:

Blogger Dave said...

It's actually quite scary that fingerprints are still considered to be legitimate biometrics at all. Ask any forensics expert, or take a look at a history of their use in law enforcement and you'll see that they're quite open to interpretation. (NB: don't follow the links to "Did you know that fingerprints were used a signatures in ancient China" crap that you'll find on Google).

Theoretically, most of the error in identifying/using them is due to reproduction, but I seriously doubt that any so-called biometric device will accurately do so. Will a thumbprint USB drive keep casual hackers off your data? Possibly. But any claim that this is serious data security should make you laugh ...

5:03 PM  

Post a Comment

<< Home