Re: [qubes-users] Integrated Laptop Fingerprint Scanner


Andrew David Wong

Apr 30, 2016, 12:29:31 AM
to Ucn01a, qubes...@googlegroups.com

On 2016-04-29 16:06, 'Ucn01a' via qubes-users wrote:
> What methods exist within Qubes OS for utilizing an integrated
> fingerprint scanner on a laptop?

I think it depends on how the fingerprint reader is wired internally.
Some people have reported readers that work at the BIOS stage. In
those cases, Qubes support may not be necessary (for that particular
use, anyway).

However, most people who send HCL reports seem to report not testing
the fingerprint reader since they have no desire to use it. So, most
of us simply don't know to what extent they're supported.

If the fingerprint reader can be assigned to its own VM (ideally
separately from any USB controllers and other devices), that would be
ideal. If it can't, then you'd probably have to run untrusted
fingerprint reading software in dom0, which, depending on your threat
model, may not be worth it.

> What are the strengths and weaknesses of such hardware as it
> concerns security? How could such a device be exploited physically
> and digitally?

It depends on how sophisticated the device is. It's possible to fool
some readers with relatively crude facsimiles. Others try to detect
things like pulse rate or skin conductivity and are harder to fool.

I've heard that in some cases, however, the protocol used by the
device for sending authentication data is so weak that it's possible
to bypass the biometrics entirely and feed a fake reading to the
software -- just like impersonating any USB device. (I don't have any
hard research on this, though, so take it with a grain of salt.)

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Kyle Rankin

Apr 30, 2016, 11:07:41 AM
to qubes...@googlegroups.com
On Fri, Apr 29, 2016 at 07:06:54PM -0400, 'Ucn01a' via qubes-users wrote:
> What methods exist within Qubes OS for utilizing an integrated fingerprint scanner on a laptop? What are the strengths and weaknesses of such hardware as it concerns security? How could such a device be exploited physically and digitally?
>

I don't consider a fingerprint a secret (you leave a copy on whatever you
touch), and I wouldn't use a fingerprint reader as a substitute for a
password, but I think it's perfectly fine to use one as a substitute for a
username. I suppose it would be OK to use it as a second factor for 2FA,
except that unlike a hardware or software token, it's a lot easier to steal
and copy your fingerprint without your knowing.

Laptop fingerprint readers have been shown to be (in some cases trivially)
easy to fool, and someone who could get physical access to your laptop
could also get and copy your fingerprint. Also, unlike with a password,
when a biometric is compromised you can only revoke and replace it a
limited number of times.

Finally, given most laptop fingerprint scanners are USB devices, with Qubes
it would probably mean having to leave your USB controllers in dom0 where
you would be much better off having them in a usbVM.

-Kyle