Microsoft Fingerprint Reader is hacked

Microsoft’s Fingerprint Reader, a biometric authentication device for PC’s on the market since 2004 has been hacked by Mikko Kiviharju, a researcher with the Finnish Defense Forces. He has published a report titled ‘Hacking Fingerprint Scanners or: why Microsoft Fingerprint Reader is not a security feature’,outlining in a very clear and concise manor how the fingerprint image taken by the scanner is not encrypted and thereby making it possible for someone to steal (or technically ’sniff’) the image.

The report was presented at a recent Black Hat Europe conference and can be found here. While Microsoft markets the scanner more as a convenient tool to log onto websites–rather than a security device–it is a bit scary knowing that an unencrypted scan of your fingerprint could be stolen and used for numerous dastardly deeds.

While hacking the image is apparently no simple feat (it requires physical access to your PC, for one), it’s still a bit unnerving to know that Microsoft for some reason has chosen to license the scanner without an encryption feature.