It’s fair to say that fingerprints aren’t necessarily the best idea for device authentication, after all, they’re kind of everywhere. But in some cases, such as a device that never leaves your home, fingerprints are an appealing way to speed up repetitive logins. Unfortunately, fingerprint scanners aren’t exactly ubiquitous pieces of hardware yet. We wouldn’t hold out much hope for seeing a future Raspberry Pi with a fingerprint scanner sitting on top, for example.
Looking for a cheap way to add fingerprint scanning capabilities to his devices, [Nicholas] came up with a clever solution that is not only inexpensive, but multi-functional. By combining a cheap USB hub with a fingerprint scanner that was intended as a replacement part of a Thinkpad laptop, he was able to put together a biometric USB hub for around $5 USD.
After buying the Thinkpad fingerprint scanner, he wanted to make sure it would be detected by his computer as a standard USB device. The connector and pinout on the scanner aren’t standard, so he had to scrape off the plastic coating of the ribbon cable and do some probing with his multimeter to figure out what went where. Luckily, once he found the ground wire, the order of the rest of the connections were unchanged from normal USB.
When connected to up his Ubuntu machine, the Thinkpad scanner came up as a “STMicroelectronics Fingerprint Reader”, and could be configured with libpam-fprintd.
With the pintout and software configuration now known, all that was left was getting it integrated into the USB hub. One of the hub’s ports was removed and filled in with hot glue, and the fingerprint scanner connected in its place. A hole was then cut in the case of the hub for the scanner to peak out of. [Nicholas] mentions his Dremel is on loan to somebody else at the moment, and says he’ll probably try to clean the case and opening up a bit when he gets it back.
[Nicholas] was actually inspired to tackle this project based on a Hackaday post he read awhile back, so this one has truly come full circle. If you’d like to learn more about fingerprint scanning and the techniques being developed to improve it, we’ve got some excellent articles to get you started.
https://www.aliexpress.com/item/Security-USB-Biometric-Fingerprint-Reader-Password-Lock-For-Computer-Laptop-PC-L059-New-hot/32818596252.html
chinese unknown provider usb security device, hey what can go wrong?
Lenovo is a chinese company.
And they have a great track record with security.
that was sarcastic right? https://www.techdirt.com/blog/?company=lenovo
Yes ‘him’, it rather obviously was.
I think on HaD people are aware of Lenovo.
known US provider with mandatory 3-letter organizations backdoors…what could possibly go wrong?
Actually not much if you use it on Linux The worse thing the device can do is store your print on the device that is in your control. The driver would have to be compromised to send your prints to someone else. If the device is sane and uses a cert/key exchange with the device to Auth “you can check that in the driver as well” then it is probably crypto secure. The hardware is really not something you have to sweat all that much it is the driver. BTW I worked on a super secure fingerprint scanner in the past. How secure? We used AES to encrypt the data over the spii bus between our custom ASIC and the interface mcu. At no time where we ever contacted by any government agency about putting in a backdoor. II find the paranoia over the NSA, FBI, and CIA really kind of weird. It is some kind of strange narcissistic disorder. The truth is that the vast majority of people will be of no interest to those agencies. They really do not care about spying on you.
Not to mention, is it even worth trying to compromise a fingerprint reader? It’s not like they are terribly secure to start out with, like the article alludes to it’s not hard to get someone’s fingerprint.
I wish toilet seats were fingerprint authenticated. Maybe then people wouldn’t leave one up when they flush or take a dump.
Servo a five second interval from a 555 timer and a pressure switch. Add to push a soft closing seat. Done.
Do you think anyone is going to want to touch that fingerprint reader? What about after it’s been peed on five or six times?
Thatsthejoke.png
The unresolvable problem with *all* biometrics is “certificate revocation”. Certificate revocation is easy with credit cards: just get another card issued.
When, not if, your biometric certificate is compromised by hackers/incompetence/sale etc, how do you get another certificate?
Yes, I do realise that is not really a dreadful concern for homebrew systems!
Just cut off compromised certificate and your body will grow a new certificate.
“If Axolotls Did Tech…”
You have ten certificates.
I only have three eyes, and one of those isn’t suitable for biometrics. Oh, I also have one face.
But that doesn’t change the cardinal point, of course.
Deep brain surgery for the pineal gland, amIrighte?
Nope; it is a real albeit vestigial eye that is useful for two things.
Firstly for demonstrating to evolution-deniers that half an eye is useful (more like 1% really!). Pit vipers have a slightly more evolved and slightly directional variant.
Secondly for preventing burns which might occur when eating too hot food.
I am, of course, referring to the heat receptors between the upper lip and the nose.
“It’s fair to say that fingerprints aren’t necessarily the best idea for device authentication, after all, they’re kind of everywhere. But in some cases, such as a device that never leaves your home, fingerprints are an appealing way to speed up repetitive logins. ”
Yubikey. Just push the button.
I have a yubikey glued to my front door, just push the button.
That is what happens in the restroom shortly after consuming a pint.
What a great use for all those fingerprint scanners we’ve taken out of our ThinkPads by now to replace with Black Magic Probes!
“fingerprint scanners aren’t exactly ubiquitous pieces of hardware yet”
You’re right, it’s not as if one could easily pick up “a fingerprint scanner that was intended as a replacement part of a Thinkpad laptop” which has a USB-ordered pinout. Oh, wait…
Good application of the tech, glad it was shared, don’t care if it’s technically a hack or not. But come on, HaD can do better writing things up. Oh, wait…
Do you not know what the word “ubiquitous” means?
A ubiquitous piece of tech is one that is available everywhere. Not “available” like you can order it online and install it yourself, “available” like it’s built into everything you have. Which is what the second sentence goes on to say, but you didn’t include that because it reinforces the part you did quote and makes it harder for you to sound like you had a point to make.