juct writes "Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. In their tests, heise Security found that it is easy to bypass the authentication and get access to the protected data. This works by sending
a single USB command — Command Descriptor Block — that changed the accessible partition. They found the vulnerability in the MyFlash FP1 from A-Data (USB-ID 1307:1169) and the 1GB Secure Card (USB-ID 7009:1765) sold by 9pay. The JetFlash 210 and 220 fingerprint sticks from Transcend use the chips in question and also provide access to the protected partition after transmission of a single USB command. The UT176 made by CySecure could also suffer from the same flaw, though they have not tested it yet." Link to Original Source
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
7 secure flash drives reviewed [slashdot.org]. Though this headline isn't very good, this article really only reviews the secure drives that use fingerprint readers.
Probably a good follow-up to ... (Score:2)