Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Fingerprint copying.
Posted by: Skyphire
Date: August 14, 2012 08:41AM

Lot of PC's have fingerprint authentication, especialy laptops.

Fingerprints are the worst possible method for authentication. If a digital fingerprint is stolen (all are digitized nowadays) unlike a password, you cannot create another fingerprint. It's fixed forever to you. Which is incredibly weak security.

So what are the methods of stealing fingerprints on PC's? are there trojans who steal them? and what could we do with them?



Edited 1 time(s). Last edit at 08/14/2012 08:42AM by Skyphire.

Options: ReplyQuote
Re: Fingerprint copying.
Posted by: Skyphire
Date: August 14, 2012 08:51AM

Another idea:

Fingerprint software that detects a pattern in a print must be somewhat fuzzy otherwise authentication fails often. The software might set fixed points and measures it's distance. Hold your finger in a slightly different angle, and it still detects your print. So it must be fuzzy in a sense that it "scores" the points with some algorithm.

So can we bruteforce it?

There 7+ Bn people. Not a really large number in terms of computing. Think about the birthday attack. Could we bruteforce a fingerprint? Let's say we create rainbow table of computer generated fingerprints?

Something to think about...

Options: ReplyQuote
Re: Fingerprint copying.
Posted by: Skyphire
Date: August 14, 2012 09:08AM

Here is some current research:

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.7126&rep=rep1&type=pdf

In only 5000 tries they cracked 85 from 150 fingerprints, in later rounds they achieved 142 over 150 prints.

Pretty damn awesome.

Options: ReplyQuote
Re: Fingerprint copying.
Posted by: id
Date: August 15, 2012 01:28AM

I've cracked my way into a mid-size (~400M) trading firm's data center via biometric thumb scan using a pencil, tape and a copy machine. The first thing out of their security guy's mouth was "you're fuckin fucking me fuck, fuck fuck". It was supposed to be active biometrics, using both the fingerprint and checking for blood flow or heat, I'm not sure which, but it turns out my thumb pushing down on a photocopied imprint of whoever used it last was good enough.

Nothing really more fun in my line of work as when I get to break into physical DCs... I broke into 4 more of the same company's DCs using just a notebook, thought the security dude was going to cry when I tossed it under the door and activated the motion sensor they had unlocking the door from the inside...

-id

Options: ReplyQuote
Re: Fingerprint copying.
Posted by: Gareth Heyes
Date: August 17, 2012 03:47AM

@id

That's awesome haha proper sneakers shit going on there :D

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote


Sorry, only registered users may post in this forum.