Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Security

Submission + - Secure USB sticks cracked (heise-online.co.uk) 1

juct writes: "Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. In their tests, heise Security found that it is easy to bypass the authentication and get access to the protected data. This works by sending a single USB command — Command Descriptor Block — that changed the accessible partition. They found the vulnerability in the MyFlash FP1 from A-Data (USB-ID 1307:1169) and the 1GB Secure Card (USB-ID 7009:1765) sold by 9pay. The JetFlash 210 and 220 fingerprint sticks from Transcend use the chips in question and also provide access to the protected partition after transmission of a single USB command. The UT176 made by CySecure could also suffer from the same flaw, though they have not tested it yet."

Slashdot Top Deals

"It ain't so much the things we don't know that get us in trouble. It's the things we know that ain't so." -- Artemus Ward aka Charles Farrar Brown

Working...