- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Biologger - A Biometric Keylogger
------------------------------------------------------------------------
SUMMARY
In the paper linked in the end IRM realized a proof-of-concept
implementation of a biometric keylogger, or "Biologger". While
conventional keyloggers are typically used to obtain passwords or
encryption keys to circumvent specific security measures, IRM's Biologger
will aim to capture biometric-related data between a biometric device and
other processing units, to be used and exploited in a number potential
attack vectors against the biometric system, such as manipulation of
biometric data and control signals, as per traditional man-in-the middle
attacks.
DETAILS
Conclusion:
The aim of this whitepaper is not to discourage the use of biometric
access control systems, but to encourage security by design with such
products and their deployments, and to highlight the possibilities open to
attackers or malicious employees with no more than the ability to
intercept traffic between such device s and other processing units.
Biometric device manufactures and system integrators cannot rely on
security though obscurity alone for the overall security of their devices
and systems. Deployment of biometric access control system within existing
infrastructures such as IP networks should involve careful identification
of the network traffic routing and the accessibility to biometric-related
data on those networks. Without adequate protection of the
confidentiality, integrity and availability of biometric access control
devices and their data, the threat of "Biologging" activities within those
enterprises employing such access control is real.
ADDITIONAL INFORMATION
The information has been provided by <mailto:andy.davis@irmplc.com> Andy
Davis.
The original article can be found at:
<http://www.irmplc.com/index.php/69-Whitepapers>
http://www.irmplc.com/index.php/69-Whitepapers
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment