Shostack + Friends Blog Archive


More Hardware Security Shown to be Bunk

Pix of bogus hardware

After showing that “encrypted” disk drives only encrypted the password you use, not the data, Heise-Online now shows that fingerprint-access is often bunk:

Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. It turns out that an easy-to-find tool allows nosy parties to get around the protection in some products.

Basically, all you have to do is get a low-level USB tool, PLscsi, and have it tell the device to ignore all that security stuff. Yes, I’m over-simplifying, but I’m disgusted. Read the article for details.