Access Control Systems using Power over Ethernet (PoE) Technology from Borer
Borer Data Systems - Power over Ethernet Access Control
 
 

News

spacer
 
spacer
   
spacer
   
spacer
   
spacer
   
 
  Borer Data Systems - Access Control | Attendance Management | ID Badge Production | Visitor Management
 
About Us
 
Products
 
News
 
Support
 
Contact Us
 

Industry News Articles

Elcomsoft reveals security flaw in fingerprint reading software

5 September 2012

In a advisory issued by ElcomSoft, it has been revealed that a security flaw has been discovered in the UPEK Protector Suite, the fingerprint reading software that had been shipped with majority of laptops equipped with UPEK fingerprint readers, until Authentec acquired the company and changed to a different software.

ElcomSoft reveals that until only recently, most major manufacturers, such as Acer, ASUS, Dell, Gateway, Lenovo, MSI, NEC, Samsung, SONY, Toshiba were using fingerprint readers that were manufactured by UPEK. 

The UPEK Protector Suite manages a fingerprint reading hardware using which users can do away with typing passwords and instead just have a single finger swipe to the same effect. Over a course of time, the UPEK Protector Suite caches the passwords and users are offered almost instant logins to websites.

ElcomSoft mentions in its post that when multiple laptops running the UPEK Protector Suite were analysed, it was found that several Windows account passwords were stored in Windows registry in almost plain text.

The post goes on to add that gaining access to a laptop running the UPEK Protector Suite, it was possible to get passwords to all user accounts, using the finger swipe login.

Importantly, ElcomSoft notes that the scope of the problem is very broad and is not limited to a specific laptop model or manufacturer. Users who have ever registered their fingerprints with UPEK Protector Suite to have almost instant logons and entered their account password there, are at risk, as per ElcomSoft.

The post advises that users when launching UPEK Protector Suite, should disable the Windows Logon Feature which should clear the stored password on your laptop.

Source: http://tech2.in.com/news/software/elcomsoft-exposes-security-flaw-in-fingerprint-reading-software/412772

return to top
Access Control Systems using Power over Ethernet (PoE) Technology from Borer