On Tue, Sep 03, 2002 at 05:12:50PM -0700, Andrew Plato wrote: > > > And the biometric mouse is even easier to spoof, as it is a > > USB device, > > and USB is not a secure transport for data (there are free Windows USB > > snoopers that people use to reverse engineer Windows USB drivers for > > other operating systems.) So you don't even have to fake up a > > fingerprint, you can just send the host "valid" data from your USB > > device, and the host thinks you are the correct user. > > Oh, well then I guess we should all unplug our mice then and go back to typewriters. > > Again, if you have corrupted drivers on your machine, you have bigger > problems then spoofed biometrics. Trojans on computers and people > swiping coke bottles for fingerprints strikes me as larger problems > then merely faulty biometrics. No, this means I can just walk up to your machine, and plug my mouse in, replacing your biometric mouse. Then when the host asks for the biometric info, my mouse sends back the proper info, and access is granted. In short, a broken design :) See the c't article for more technical info on how to do this if you are interested. thanks, greg k-h
This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 17:49:37 PDT