in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Fingerprint Readers On USB Memory Sticks No Match For Device Encryption

Heise Security is reporting that they’ve managed to bypass security in the form of fingerprint readers found on some USB memory sticks.  Such fingerprint readers are growing in popularity due to the increasing awareness for protecting confidential information and a way to easily remember passwords.  Fingerprints offer an ideal solution, or at least appear like one on the surface.

 

The hack requires the use of a freely available open source software.  Again, it affects only certain particular fingerprint readers found on USB flash drives, so it may not apply to the fingerprint reader on your USB drive, if you have one.  Heise’s recommendation is to either purchase a flash drive with a working fingerprint reader or, better yet, use a normal USB drive but encrypt its contents.

 

In many ways, the fact that fingerprint readers take a back seat to encryption shouldn’t come as a surprise.  If you’re a Mythbusters fan, you’ve seen how easily some scanners can be bypassed using a finger created out of ballistic gel.  Heck, if I remember correctly, some of them can be bypassed using a photocopy of one’s finger.  Of course, one should not assume that all finger-related biometric scanners can be so easily bypassed.  I assume that because Mythbusters is a TV show—a good one, but still one that requires ratings and hence a splash of controversy—it would have shown the really pathetic ones.

 

And if you’re old enough, you may have seen a MacGyver episode where he uses some scraped plaster to bypass a fingerprint scanner and gain access to some super‑secret underground military base.  Biometric system hacks have been around forever.

 

What’s also been around forever is encryption.  Indeed, that may be the reason why encryption is used for protecting information.  Encryption, or rather, cryptography, has many variation.  Julius Caesar used it when communicating with his generals; it was quite rudimentary, and I’d imagine that Jumble fans would easily crack it; but it was quite revolutionary at the time.  Then came the Vigenère cipher, which worked for a couple of centuries until Kasiski, Babbage, and others regularly broke it via letter frequency analysis.

 

When something breaks, people look for a better replacement.  And with the rise of machines and the realization that secure communications (and the ability to crack them) can mean the difference between losing and winning a war—as World War II and the Enigma machine clearly showed—a lot of people started looking for a new way to secure information channels.  In the age of computers, it’s been extended to protecting data at rest as well, like data residing on your computer’s hard drive.

 

The latest, most studied, and pretty much unbreakable form of encryption until quantum computers are developed is RSA, and it’s used in many data encryption solutions, including AlertBoot.  RSA uses the mathematical properties of prime numbers to encrypt and decrypt data, and with a handful of other cryptographic algorithms, is one of the few encryption methods that has stood up to the scrutiny of mathematicians and attempts at hacking.

 

But, this is the end result of literally hundreds of years of work—even thousands, if we’re to assume the study into cryptography started with Caesar.  It also benefited from and incorporated advances in math, technology, and computer science.  Biometrics, on the other hand, is a relatively new area, and those versed in how to read a fingerprint reliably may not find themselves to be as well versed when it comes to security application.  It’s time will come, in spurts and false starts, I’m sure, but for the time being encrypting your data with a strong password can’t be beat.

 

Besides, what are you gonna do if you have an accident and lose the tip of your finger, the one you use to access your data?

 
<Previous Next>

USB Device Encryption Lacking In UK Police Memory Stick Loss

When Drive Encryption Or Other Security Measures May Be Needed?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.