# Biometric hack tool released



## Glaswegian (Sep 16, 2005)

A British security researcher has demonstrated a "biologging" system for intercepting biometric authentication data, warning that attacks on biometric systems could become relatively straightforward if current practices don't change.

Matthew Lewis, of London-based Information Risk Management, demonstrated a proof-of-concept biologger last week at Black Hat Amsterdam and released the tool's source code.

Biologger is designed to highlight what Lewis considers a defect in the design of many current biometric systems: the biometric data isn't encrypted between the biometric scanner and the processing server.

The tool identifies and captures such data, opening the way to exploits such as man-in-the-middle attacks, Lewis said.


http://www.techworld.com/security/news/index.cfm?RSS&NewsID=11863


----------



## Cellus (Aug 31, 2006)

As a side note, problems like this have been known in quieter circles for some time. It should also be noted that integrated scanning systems, such as USB keys and hard drives with fingerprint scanners commonly do not encrypt or even properly authenticate biometric data transmitted inside the devices themselves.


----------

