Topic: [Warning!] [Misc] UPEK Fingerprint Scanners

Warning !

The Register wrote:

"UPEK fingerprint scanners insecure, says Elcomsoft
Dell, Acer, ASUS, Lenovo, Samsung, Sony and Toshiba may use holey biometric kit

By Richard Chirgwin

"Spines in laptop vendor-land are shivering right now with the news that fingerprint scanners from UPEK take users’ Windows passwords and dumps them in near-plain-text in the registry.

The security howler was turned up in the UPEK Protector Suite, which until recently shipped with laptops using the company’s scanners. While the software was replaced following the merger of UPEK and Authentec, Elcomsoft’s post notes that most users will not have installed the new software.

“UPEK’s implementation is nothing but a big, glowing security hole compromising (and effectively destroying) the entire security model of Windows accounts,” wrote Elcomsoft’s Olga Koksharova"
http://www.theregister.co.uk/2012/09/06 … iometrics/

Last edited by TechDud (2012-09-11 13:45:45)

Re: [Warning!] [Misc] UPEK Fingerprint Scanners

The latest 1.6.1 drivers suck too, the 1.6.0 were better IMO because they included enroll.exe

Re: [Warning!] [Misc] UPEK Fingerprint Scanners

I am not personally familiar with any UPEK product or driver.  Is it not Authentec that is supplying the newer drivers?  Was "enroll.exe" licensed from another entity?

They were apparently bitter rivals not long ago.  http://articles.orlandosentinel.com/201 … fringement

If only Melbourne-based Authentec could do for (formerly?) California-based UPEK's drivers what Qualcomm seems to have done for Atheros & their (formerly) poor network drivers (incl. WiFi).  Now it seems somewhat desirable to have Atheros networking hardware!

Now that this has become public, one could anticipate some change.  Whether that is good or bad, someday perhaps you will tell me.

Edit:  Until then; "Mythbusters" myth-busting conclusion plausibly busted!

Last edited by TechDud (2012-09-12 13:55:11)

Re: [Warning!] [Misc] UPEK Fingerprint Scanners

Michael Mimoso wrote:

"Researcher: Fix for UPEK Fingerprint Reader Encryption Woes Falls Short"
http://threatpost.com/en_us/blogs/resea … ort-101112

An update to this story here --> http://threatpost.com/en_us/blogs/deepl … fix-101112


I note that Apple acquired AuthenTec, including UPEK.
http://www.reuters.com/article/2012/07/ … KD20120727

Last edited by TechDud (2012-11-01 16:58:52)