More USB Snake Oil
I’m still busy recovering from the excellent Source Boston conference and I will post a recap soon but I wanted to get this out there.
Last week I wrote about RFID enabled external hard drives that supposedly offered secure encryption of your data that turned out to be simple XOR. Well now USB thumb drives with integrated fingerprint readers have been found to be just as much Snake Oil. Hiese Security has reviewed several of the devices and have found it very easy to bypass the security of all of them. Companies that make crap like this should be found criminally responsible for fruad.
People see biometrics and automatically think they are secure, same thing when they see the word ‘encryption’. Your fingerprint is not a secret, you leave thousands of copies lying around everyday. In addition once the attacker has physical access to the device then your security will be compromised, fingerprint or not.
Oh, and I hope everyone had fun on Pi Day yesterday.