Brute-Forcing a Fingerprint Reader

It’s neither hard nor expensive:

Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold. As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the fingerprint database. BrutePrint manipulates the false acceptance rate (FAR) to increase the threshold so fewer approximate images are accepted.

BrutePrint acts as an adversary in the middle between the fingerprint sensor and the trusted execution environment and exploits vulnerabilities that allow for unlimited guesses…

Passwords Are Terrible (Surprising No One)

This is the result of a security audit:

More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.

[…]

The results weren’t encouraging. In all, the auditors cracked 18,174—or 21 percent—of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees. In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts…

US Schools Are Buying Cell Phone Unlocking Systems

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite:

Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much as $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from students’ devices. Together, the districts encompass hundreds of schools, potentially exposing hundreds of thousands of students to invasive cell phone searches. …

BlackBerry Phone Cracked

Australia is reporting that a BlackBerry device has been cracked after five years:

An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state’s longest-running drug importation investigations. In April, new technology "capabilities" allowed authorities to probe the encrypted device…. No…

Lottery hacker gets 9 months for his £5 cut of the loot

We don’t care how little you made from your crimes, the judge said. We care that you went after an outfit that gives a ton to charities.

US Government Admits It Doesn’t Know If Assange Cracked Password For Manning

An FBI agent admitted in a newly unsealed court document that the Department of Justice does not know whether Assange’s offer to help Manning came to fruition.