David Irvine wrote:
Sorry if this mail is a bit off the line and discussed a thousand times.
'But'

What are people's opinions on beating keyloggers and does biometrics help
at all, i.e. if a fingerprint scanner gets logged then is this worse
cause you can't really change your finger?

Just looking for opinion - if I am not asking the correct type of
question please ignore this.

David

First of all, I don't have much experience with biometric scanners, so I may be off the mark with my guesses...

As I understand it a fingerprint scanner does not send the fingerprint itself to the computer but uses the fingerprint to unlock an internal storage containing a private key (or maybe a password). So you don't have to contact a surgeon if your machine is compromised, just storing a new key in the device should suffice. ;)

Now, I guess most (if not all) biometric scanners used for logon are recognized by the OS as a smartcard reader, where the fingerprint just replaces the PIN (which would normally have to be entered using the card reader's PIN pad). If that's the case the keylogger will not compromise your login credentials, since usually the keyboard is not used at all. And even if the logger could snoop the communication between computer and the device it could only read the OS's challenge and the device's response (which would be the signed challenge), which is quite useless unless you can provoke the OS to reuse the challenge.

So keyloggers should be no problem if the device works like outlined above. Typically the vector of attack on such a device would be to steal the device and try to trick it into unlocking its storage without the correct finger being placed on the sensor. Which might be as easy (this would surely depend on the quality of the sensor) as placing an adhesive tape with the owner's fingerprint on it on the sensor...

But I agree, this is a bit off-topic on this list. ;)

Hope it helps anyway.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26
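
The challenge/response exchange described in the reply above, as an added example that is not part of the original message. The `Device` and `Host` classes are hypothetical models, and HMAC with a shared key stands in for the signature (with a real signature the host would hold only the public key); it shows why a logged response is only useful if the host accepts the same challenge again.

```python
import hashlib
import hmac
import secrets

class Device:
    """Constructed model of the token: the key never leaves it."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes, finger_ok: bool):
        # The fingerprint match only gates use of the key, as a PIN would.
        if not finger_ok:
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Host:
    """Constructed model of the logon side issuing random challenges."""

    def __init__(self, key: bytes, single_use: bool = True):
        self._key = key
        self._single_use = single_use
        self._pending = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False
        if self._single_use:
            self._pending.discard(challenge)  # accepted once, then retired
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def replay_outcomes(single_use: bool) -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    device, host = Device(key), Host(key, single_use)
    c1 = host.new_challenge()
    r1 = device.respond(c1, finger_ok=True)  # (c1, r1) is what a logger sees
    return {
        "login": host.verify(c1, r1),
        "replay_same_challenge": host.verify(c1, r1),
        "replay_fresh_challenge": host.verify(host.new_challenge(), r1),
        "no_finger": device.respond(host.new_challenge(), finger_ok=False),
    }
```

Calling `replay_outcomes(True)` models a host that retires each challenge after use; `replay_outcomes(False)` models the challenge-reuse case the reply warns about.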
