NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0459 Biometric Systems are Hackable:
A security consultant has found a way to intercept biometric data being sent on computer networks
from fingerprint scanners such as those used at US borders. The consultant works with London-based
Information Risk Management. A former British government information assurance official who worked
on biometric issues, demonstrated and released proof-of-concept osoftware code for a tool he calls
the biologger at the Black Hat Eruope computer security conference in Amsterdam last week. He said
his device was the biometric equivalent of a key-logger, a software package that hackers use to
steal password or encyrption-key data from compromised computer systems. He told the conference his
device could steal the data, allowing attackers to hack the system, either by "spoofing" data from
the reader to make it look like an imposter's fingerprints matched someone else's, or by faking
signals to the reader, telling it the print was a match. Getting access to the system would be the
key, he said, adding the best way to avoid such hacks would be to use strong encryption for all data
exchanges on biometric systems.
(UPI 02APR08)