Printed from http://www.electronista.com

Fingerprint identification flaw allows PC password retrieval

updated 11:00 pm EDT, Tue October 9, 2012

Apple-owned AuthenTec's software at fault, exploit available

Several PC security firms have independently verified a weakness in AuthenTec's UPEK Protector Suite that allows hostile users with physical control of a machine to rapidly recover Windows account passwords. The software comes pre-installed on Windows-based PCs from makers including Dell, Gateway, NEC, Samsung, Sony, and Toshiba. A pair of security researchers has released an open-source exploit for the flaw so that paid intrusion testers can make use of the weakness.

Last month, password-cracking tool developer Elcomsoft warned that the UPEK software may leave users less secure than they would be without it, because it stores user passwords insecurely in the registry, protected only by light encryption that is easy for hackers to break. When UPEK isn't activated, Windows does not store account passwords in the registry unless the user has configured an account to log in automatically -- but once the user has done so, even once, the passwords are stored even after permission for auto login has been revoked.

"From a penetration testing perspective, local administrator access is required to obtain the necessary registry key's value, so it only matters if you already have control of the PC," Brandon Wilson, one of the security consultants, told Ars Technica in an interview. "But since so many of these devices are used in corporate environments, it makes it easy to obtain domain credentials, and from there, easily expand an attack to other systems."

Apple bought out AuthenTec in July, and as is normally the case for the company, the acquisition appears to have been solely to support its own products, with rumors pointing to a discontinuation of non-Apple uses of the technology in 2013. Neither Apple nor AuthenTec has commented on the security flaw.



By Electronista Staff