Menu

Filter by
content
PONT Data&Privacy

0

Fingerprints to be stolen via custom smart lock

With a modified smart lock, it is possible to steal fingerprints. Picking up a device already makes theft of biometric data possible. That's according to research by Steve Kerrison of James Cook University in Singapore.

Information Security Netherlands September 12, 2022

Droplock attack

Inexpensive IoT devices are increasingly equipped with fingerprint sensors. A malicious person can steal a fingerprint image via a less secure IoT device. In this way, he can gain access to another device or account. In his publication, Kerrison calls this a droplock attack.

Two scenarios

According to the researcher, there are two scenarios. The first is as follows: when someone picks up a device equipped with a fingerprint scanner, it scans their fingerprint and transmits it. This happens without the victim noticing. The second scenario involves smart locks with a fingerprint sensor. Kerrison managed to use a debug interface to overwrite the firmware of a smart lock. This allowed him to scan fingerprints and send them via bluetooth to a nearby device or attacker.

Debug interfaces

Protection against these attacks is possible by disabling debug interfaces and accepting only signed firmware updates. Also, end users should be more alert to rogue IoT devices, Kerrison said.

Click here (1) for Steve Kerrison's paper.

  1. https://arxiv.org/pdf/2208.13343.pdf

Share article

Comments

Leave a comment

You must be logged in to post a comment.