Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint-Protected USB Sticks Cracked

Posted by kdawson on from the going-around dept.

juct writes "Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. In their tests, heise Security found that it is easy to bypass the authentication and get access to the protected data. This works by sending a single USB command, using the open source tool PLscsi, that changes the accessible partition. They found the vulnerability in several USB sticks that use the same chipset. The article concludes: 'The fingerprint sensors in the products mentioned above apparently only serve one purpose: they mislead interested buyers. They do not provide any significant level of protection. We can only recommend that these products not be purchased.'"

6 of 166 comments (clear)

  1. Re:Fingerprint scanners suck. by explosivejared · · Score: 4, Funny

    As I've pointed out in previous post, you won't be truly secure until you can completely incinerate any non-authorized individual who touches the drive. Even passwords fall short. Encryption, biometrics, etc... pfft... you're not safe unless annihilation is ensured.

    --
    I got a catholic block.
  2. Re:Fingerprint scanners suck. by MyLongNickName · · Score: 4, Funny

    Passwords are much more secure at this point. No one is going to steal your password off an old soda bottle.

    My password is "Dr. Pepper" you insensitive clod!

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  3. Re:Fingerprint scanners suck. by Anonymous Coward · · Score: 0, Funny


    Passwords are much more secure at this point. No one is going to steal your password off an old soda bottle.


    Good point. They would have to get it from the yellow sticky note on the side of my monitor.

  4. Re:Fingerprint scanners suck. by njh · · Score: 2, Funny

    "how many bits of information can be reliably recovered from a fingerprint?". I'm sure the answer is positive;

    I'm certain it's not negative :)

  5. You haven't seen some password policies by Moraelin · · Score: 3, Funny

    Eh, the poor guy probably just had to put up with some password policy that says he has to have at least one non-letter character in the password.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  6. Re:Fingerprint scanners suck. by Your+Pal+Dave · · Score: 4, Funny

    The problem is that you've got multiple passwords- one for work, one for Amazon.com, one for online banking, one for /., etc. etc. so it becomes virtually impossible to remember the damn things. Now what? People have to start writing them down, and posting them next to the machine. A huge part of the security of passwords comes from the fact that it's not physically written down; as soon as you have to record it instead of keeping it in your memory, your overall level of security is going down, even if the password is getting harder to crack. There's an easy solution to this, just store your passwords in one of those fingerprint-protected USB sticks that I've been reading so much about.