Spy Games with Fingerprint
Kit"> In the course of a further concrete assault approach we acted out a scenario of a theft of data by more professional means, theft of a kind that people engaged in the field of industrial espionage might be thought to be capable of. With the aid a fingerprinting kit that the regional Criminal Investigation Department of the German federal state of Lower Saxony was generous enough to make available to us we took fingerprints from glasses and CDs. We dusted the prints with graphite powder, secured them with adhesive film, and then after placing them on the scanner applied gentle pressure to the surface. Our success rate with this approach was very high, regardless of whether the system was in its normal or its extended security mode. A fingerprint kit supplied by the regional Criminal Investigation Department of the German federal state of Lower Saxony stood us in good stead.Eutrons fingerprint reader Magic Secure 3100 on the other hand is a product manufactured by the South Korean firm of Hunno and includes a CMOS TouchChip by STMicroelectronics. For covering the European market the Italian firm of Eutron merely relabels this combination of fingerprint scanner and optical USB scroll mouse. It too is a capacitive scanner with properties and weaknesses comparable to the product by Siemens: Approaches to deception via the regular sensory mechanism of the device, of the kinds described above, also lead to success. Though the breathing approach was not quite as reliable, the moment graphite powder came into play we were easily able to gain access to this system also. Reactivating a latent image can also be done with a little water in a plastic bag. The only product in the field tested to possess a special protective mechanism for the sensor surface of the capacitive scanner was Veridicoms 5th Sense Combo. A possible solution for this device that might have done away with the latent image problem once and for all after every use would have been to equip the underside of its protective spring-driven sliding cover with a miniature cleaning sponge. Besides the cover Veridicoms fingerprint reader is furnished with an integrated smart card reader. In the case of smart-card biometric-authentication applications the access check routine is no longer confined to the protected computer in question, the user can also seek authentication in relation to reference data stored on the smart card. Alas, Veridicom passed up the design opportunity for wiping away latent images on its device. We were able to outfox the device in much the same way we had outfoxed the others, expect that with the Veridicom scanner there was the slight additional difficulty that it was necessary to hold the sliding cover open with ones other hand or by sticking a matchstick in.
The Cherry G83-14000 keyboard had a comparable security behavior, which was not hard to predict as the insides of the keyboard scanner and that of Siemenss ID Mouse are identical. The former was thus without much ado outfoxed by the same procedures.