you have it measuring ELT

Danny van Dyk pointed out an interesting article about Mikko’s work on the Microsoft fingerprint scanners: Forscher hacken Microsofts Fingerprint Reader.

It’s in German, here’s Google’s English translation: Researchers chop Microsofts finger print reader.

The last paragraph, in real English:

Kiviharju wonders why Microsoft didn’t implement any Encryption. Quote: “Some experts who contacted me were as astonished as I was. It would have been a good product, but in the end, Microsoft screwed it.”

2 Responses to “you have it measuring ELT”

  1. Brant Gurganus Says:

    As it was not considered to actually secure the system, encrypting the image during transfer would have added more code that could have bugs. If they had decided for the product to secure the system, encrypting the image would be reasonable, but in its current state, there are times when it does not recognize the finger such as after a shower when the finger skin may be pealing and/or swelling due the increased moisture content.
    In addition, the Microsoft Fingerprint Reader is not built by Microsoft, just Microsoft-branded. I would doubt Microsoft is quite as thorough in reviewing products that they did not build even if they bear the Microsoft name.

  2. dsd Says:

    To enable encryption, you just enable a single *bit* in the firmware image. For more information here, read my other recent weblog articles.
    Digital Persona (the actual manufacturer) already provide libraries which handle the decryption, and they provide a SDK too.

    The unexplained part is why they chose to disable encryption, when all the code is already written (and is heavily used in the Digital Persona realm). By modifying the firmware, my Microsoft fingerprint scanner starts encrypting images.

Leave a Reply

You must be logged in to post a comment.