While shopping for a USB fingerprint scanner for my PC, I found two types:
*match-on-host*, which lets the computer read the fingerprint scan’s data to verify your biometrics,
and *match-in-sensor*, which verifies your biometrics in the scanner itself then tells the computer that it succeeded.
Wouldn’t it be possible to make a USB device pretending to be a fingerprint scanner which responds to the computer’s request to scan with a pre-programmed success response? There must be some way for the computer to know whether a fingerprint scanner actually verified a fingerprint other than simply receiving a “yes it matches,” or it would be trivial for a bad actor to make a master key for any computer with biometric login and a USB port.
Does the computer store a digital key on the fingerprint scanner to confirm it’s the same hardware that the biometrics were originally set up with? or vice versa?
In: Technology
How it communicates: typically through a com port or something of similar nature. In terms of security, match-in-sensors have no security if you allow your computer to use any sensor for results. Normally, these sensors are both fabrically attached to devices of importance, and even then have encryption keys with each other so you can’t just desolder and resolder a different chip on just like that. Specifically, they both have private and public keys so that a third party cannot figure out the private keys. Of course, no device is secure if an attacker has the physical device – they can and will hack into it if given enough time and effort. For most general applications though, no one would bother trying to wipe the security key’s fingerprint or constructing a device that spoofs the encryption (which would either way usually require the deconstruction of either the original device). Security is, in a nutshell, the science of making something take more effort to unlock than is worth the contents.
Latest Answers