Comments on: UPEK Fingerprint Readers: a Huge Security Hole

By: PICCORO Lenz McKAY

PICCORO Lenz McKAY — Fri, 07 Jun 2013 13:10:21 +0000

this are obviously, upek need saves money on devel, so dont effor in good lisb to manage these devices,

another stupid windo-related problem…. LINUX RULES

By: hamza ben delaj

hamza ben delaj — Tue, 05 Mar 2013 02:19:17 +0000

good

By: Jorge Bernardo

Jorge Bernardo — Wed, 10 Oct 2012 16:33:41 +0000

Is this problem for Protector Suite QL?, this is the common version that the laptops with fingerprint readers use.
What happen if I use USB device and archive all the info on the device (not local)?

By: Per Thorsheim

Per Thorsheim — Sun, 23 Sep 2012 20:15:26 +0000

I have blogged my opinion on this case:
http://securitynirvana.blogspot.no/2012/09/elcomsoft-upek-more.html

By: Domi

Domi — Sat, 15 Sep 2012 22:16:27 +0000

If you use full-disk encryption along with the fingerprint reader you should be OK – since even with physical access to your HDD no one could read the contents of it. Of course when your OS is up and running it isn’t protecting you which may lead to privilege escalation, so it is a serious problem.

By: DanD

DanD — Wed, 12 Sep 2012 17:40:30 +0000

H-online.com uses info from you to say: “The passwords are encrypted with the AES cypher, but the encryption has apparently been implemented incorrectly. According to ElcomSoft, the key is always the same and can be reconstructed.”

http://www.h-online.com/security/news/item/Fingerprint-reader-reveals-passwords-1704058.html

But you say: “your Windows account passwords are stored in Windows registry almost in plain text, barely scrambled but not encrypted.”
I think you are over-simplifying here.

By: Michael

Michael — Sat, 08 Sep 2012 18:07:19 +0000

Can you make an image out of a fingerprint file into, for example, Photo viewer