Friday, April 04, 2008

Researcher raises alarm about biometric hacking with "biologger" tool

Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/263482389/

Filed under:

While attempts to bypass biometric security measures are certainly nothing new, a researcher from London-based Information Risk Management is now raising an alarm about a new area of biometric hacking, and he's even gone so far as to release the source code for proof-of-concept tool to really drive the point home. As PC World reports, IRM's Matthew Lewis has demonstrated what he describes as a "biologging" system, which actually intercepts and captures biometric data as it passes between the biometric scanner and the processing server, during which time it apparently isn't encrypted on many systems. That, Lewis says, opens up the possibility of so-called "man-in-the-middle" attacks," although there is the slight problem that the biologger needs to actually be inserted into the network in order to do its thing. Even so, Lewis says that such dangers do exist, and he's hoping that the release of the tool will encourage manufacturers to beef up their security.

[Image courtesy IRM white paper]

 

Read | Permalink | Email this | Comments