Researchers Uncover Vulnerabilities in Apple-Owned Biometrics Software
The security of AuthenTec, a biometrics company purchased by Apple in June, is being called into question when an independent team of security researchers say they found serious vulnerabilities in AuthenTec’s fingerprint scanning software that make it easy for hackers to take control of PCs using the scanners.
According to an article from Business Journal, researchers found that UPEK Protection Suite, which allows users to sign into different applications on their computer using their thumbprint rather than a password, actually stores those passwords in the computer’s registry in a format that is easily decrypted by a hacker.
Brandon Wilson, one of the security consultants who confirmed the hack, says that the attack is only useful if the hacker was already controlling a target computer, however, that makes anything the infiltrated computer connects to much less secure, the article says.
For Apple, this is particular worrying because of the speculation surround the possibility of using the technology to security the iPhone. And, because many of these computers are used in corporate environments, it’s easy to take control of one computer and expand the attack to other systems and devices, the article says.