Biometrics, like using your fingerprint as a password, are certainly convenient and are pretty commonplace on phones and laptops these days. While their overall security could be a problem, they certainly fit the bill to keep casual intruders out of your system. [Lewis Barclay] had some sensors gathering dust and decided to interface them to his Home Assistant setup using an ESP chip and MQTT.
You can see the device working in the video below. The code is on GitHub, and the only thing we worried about was the overall security. Of course, the security of fingerprint scanners is debatable since you hear stories about people lifting fingerprints with tape and glue, but even beyond that, if you were on the network, it would seem like you could sniff and fake fingerprint messages via MQTT. Depending on your security goals, that might not be a big deal and, of course, that assumes someone could compromise your network to start with.
You were promised Zoom news last week, but due to a late night of writing, that story was delayed to this week. So what’s the deal with Zoom? Google, SpaceX, and even the government of Taiwan and the US Senate have banned Zoom. You may remember our coverage of Zoom from nearly a year ago, when Apple forcibly removed the Zoom service from countless machines. The realities of COVID-19 have brought about an explosion of popularity for Zoom, but also a renewed critical eye on the platform’s security.
“Zoombombing”, joining a Zoom meeting uninvited, made national headlines as a result of a few high profile incidents. The US DOJ even released a statement about it. Those incidents seem to have been a result of Zoom default settings: no meeting passwords, no “waiting room”, and meeting IDs that persist indefinitely. A troll could simply search Google for Zoom links, and try connecting to them until finding an active meeting. Ars ran a great article on how to avoid getting zoombombed (thanks to Sheldon for pointing this out last week).
There is another wrinkle to the Zoom story. Zoom is technically an American company, but its Chinese roots put it in a precarious situation. Recently it’s been reported that encryption keying is routed through infrastructure in China, even though the calling parties are elsewhere. In some cases, call data itself goes through Chinese infrastructure, though that was labeled as a temporary bug. Zoom was also advertising its meetings as having end-to-end encryption. That claim was investigated, and discovered to be false. All meetings get decrypted at Zoom servers, and could theoretically be viewed by Zoom staff.
It’s fair to say that fingerprints aren’t necessarily the best idea for device authentication, after all, they’re kind of everywhere. But in some cases, such as a device that never leaves your home, fingerprints are an appealing way to speed up repetitive logins. Unfortunately, fingerprint scanners aren’t exactly ubiquitous pieces of hardware yet. We wouldn’t hold out much hope for seeing a future Raspberry Pi with a fingerprint scanner sitting on top, for example.
Looking for a cheap way to add fingerprint scanning capabilities to his devices, [Nicholas] came up with a clever solution that is not only inexpensive, but multi-functional. By combining a cheap USB hub with a fingerprint scanner that was intended as a replacement part of a Thinkpad laptop, he was able to put together a biometric USB hub for around $5 USD.
After buying the Thinkpad fingerprint scanner, he wanted to make sure it would be detected by his computer as a standard USB device. The connector and pinout on the scanner aren’t standard, so he had to scrape off the plastic coating of the ribbon cable and do some probing with his multimeter to figure out what went where. Luckily, once he found the ground wire, the order of the rest of the connections was unchanged from normal USB.
When connected up to his Ubuntu machine, the Thinkpad scanner came up as a “STMicroelectronics Fingerprint Reader”, and could be configured with libpam-fprintd.
With the pinout and software configuration now known, all that was left was getting it integrated into the USB hub. One of the hub’s ports was removed and filled in with hot glue, and the fingerprint scanner connected in its place. A hole was then cut in the case of the hub for the scanner to peek out of. [Nicholas] mentions his Dremel is on loan to somebody else at the moment, and says he’ll probably try to clean the case and opening up a bit when he gets it back.
[Nicholas] was actually inspired to tackle this project based on a Hackaday post he read a while back, so this one has truly come full circle. If you’d like to learn more about fingerprint scanning and the techniques being developed to improve it, we’ve got some excellent articles to get you started.
It’s the most wonderful time of the year! No, we’re not talking about the holiday season, although that certainly has its merits. What we mean is that it’s time for the final projects from [Bruce Land]’s ECE4760 class. With the giving spirit and their mothers in mind, [Adarsh], [Timon], and [Cameron] made a programmable lock box with four-factor authentication. That’s three factors more secure than your average Las Vegas hotel room safe, and with a display to boot.
Getting into this box starts with a four-digit code on a number pad. If it’s incorrect, the display will say so. Put in the right code and the system will wait four seconds for the next step, which involves three potentiometers. These are tuned to the correct value with a leeway of +/- 30. After another four-second wait, it’s on to the piezo-based knock detector, which listens for the right pattern. Finally, a fingerprint scanner makes sure that anyone who wants into this box had better plan ahead.
This project is based on Microchip’s PIC32-based Microstick II, which [Professor Land] started teaching in 2015. It also uses an Arduino Uno to handle the fingerprint scanner. The team has marketability in mind for this project, and in the video after the break, they walk through the factory settings and user customization.
We have seen many ways to secure a lock box. How about a laser-cut combination safe or a box with a matching NFC ring?
Maybe you suspected this already, but researchers at MSU Computer Science just published a paper explaining just how easy it is to spoof a fingerprint scanner with an ink-jet printed scan of a finger.
We’re not talking about casting a new finger using superglue or anything, but rather using conductive ink you can literally print — on paper. A paper-printed-fingerprint that will unlock your smartphone. We’ve already told you fingerprints suck for security, but hopefully this drives the point home.
[Kai Cao] and [Anil K Jain] released this paper (Direct PDF link) outlining their technique. Using an existing scan of a fingerprint (which can be taken from your phone’s scanner), the image is mirrored, and then printed using a regular ink-jet printer, with all of its color cartridges replaced with AgIC4 silver conductive ink.
We’ve got two hacks in one from [Serge Rabyking] on fingerprint scanning. Just before leaving on a trip he bought a laptop on the cheap. He didn’t pay much attention to the features and was disappointed it didn’t have a fingerprint scanner. Working in Linux he uses sudo a lot and typing the password is a hassle. Previously he just swiped his finger on the scanner and execution continued.
He found a cheap replacement fingerprint scanner on hacker’s heaven, also known as eBay. It had four wires attached to a 16 pin connector. Investigation on the scanner end showed the outer pair were power and ground, which made [Serge] suspect it was a USB device. After wiring up a USB connector and trying it, the device was recognized but with a lot of errors. He swapped the signal lines and everything was perfect. He had sudo at his finger tip.
Next he wondered if it would work with a Raspberry Pi. He installed the necessary fingerprint scanning software, ran the enrollment for a finger, and it, not terribly surprisingly, worked.
On Linux the command fprintd-enroll reads and stores the fingerprint information. By default it scans and saves the right index finger but all ten fingers can be scanned and stored. Use libpam-fprintd to enable account login using a finger. Anyone know how you can trigger other events using a different finger? A quick search didn’t turn up any results.
In true hacker style, [Serge] created his own fingerprint reader from a replacement part. But you can jump start your finger usage by purchasing one of many inexpensive available readers.
Who uses keys these days, really? Introducing the world’s first(?) biometric secured golf cart. Gives “push to start” a whole new meaning!
[Ramicaza] lives in a small community where many families (including his!) use golf carts to commute short distances, like to the grocery store, or school. Tired of sharing a key between his parents and siblings, [Ramicaza] decided to soup up his ride with a fingerprint sensor allowing for keyless start.
He’s using an ATtiny85 and a GT511-C1 fingerprint sensor from SparkFun. After throwing together a circuit on a breadboard and testing the concept he went straight to a PCB prototype for install in the cart. What we really like is the case he integrated into the golf cart’s dash. It features a flip-up lid which turns the circuit on when it is opened, and off when it is closed to save battery. Scan your finger and a relay triggers the ignition allowing you to drive away.