Am 31.01.2018 um 17:21 schrieb Vulnerability Lab: > Hello Ben Tasker, > sorry if the title of the issue did lead you to misunderstand the > article. The currency is still secure. > The title refers to the information used for the issue. In case it was > misleading we will update it but you was the first who misunderstood > the article by comments. > > "The weakness, the theory goes, is that someone could register a > "fingerprint" in your system by using a banknote. This'd give them > access whilst also meaning you didn't at least have a hash of their > real fingerprint for forensics to find." > This is correct. Also the problem that others can access with the same > hologram into for exmaple the high protected area (mil & gov). > > > "Another theory is that users might opt to use a banknote instead of > their own fingerprint. I'm not quite sure what the likelihood of that > is, in that it's not exactly convenient, and if you're concerned about > privacy implications from a fingerprint scanner the best option is not > to use it." > > What about, if the fingerprint of lenovo (bug disclosed parallel to > us) is our european currency. Means the hardcoded fingerprints that > published parallel is exactly what we refer to when we talk about a > universal fingerprint. In the real life it is pretty easy to use it in > large companies due to the registration and as well on entrance. Maybe > you feel like the pratical interaction can not happen, we can confirm > you from germany we was successful. The government disallowed us to > register the fingerprint to the real system otherwise a compromise > could not be excluded.
-- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
