how is it done? intercepting email and bank details.
If you want to be really paranoid, then you could always use a fingerprint reader. No keyboard presses to record, or screen-grabs to worry about.

Never Knowingly Understood.
Member #1 of £1,000 challenge - £13.74/ £1000 (that's 1.374%)
3-6 month EF £0/£3600 (that's 0 days worth)
If you want to be really paranoid, then you could always use a fingerprint reader. No keyboard presses to record, or screen-grabs to worry about.

Just be careful never to leave your fingerprints on anything, in case somebody decides to make a fake finger from one.
Most fingerprint readers are unable to tell the difference between a real finger and a fake one made from jelly.

If it sticks, force it.
If it breaks, well it wasn't working right anyway.
If you want to be really paranoid, then you could always use a fingerprint reader. No keyboard presses to record, or screen-grabs to worry about.

Behave. Cheap unattended fingerprint readers are snake oil. Unless incredibly carefully implemented (at vast expense) they're trivial to fake for any network application.
Ectophile is firstly right to point out that they are very, very bad at telling real from fake fingers, and anyone able to get an impression of your fingerprint, off anything you touch, will be able to authenticate as you. As you will have to touch the fingerprint reader, anyone with access to it can probably make a replica.
But let's take a system which doesn't have that problem, like a palm vein reader. And let's assume an attacker who doesn't have physical access to your reader (ie, a man in another country wanting to steal your credentials).
Assume an attacker who can run malware on your system. As you're already assuming an attacker who can run a screengrabber and keylogger (if he can't, why are we having this discussion?) then it's reasonable to assume the attacker can run arbitrary malware.
Suppose the system works by sending an image of your fingerprint to the remote system to be authenticated there. Then the attacker just captures that message (which he can do) and replays it whenever he wants.
Suppose the system works by sending a message to say "yes, I've authenticated against my local copy, honest". Then the attacker just captures that message and replays it whenever he wants.
So your problem becomes finding a way to read a biometric, then send a message about it to the other end in such a way that you can tell the difference between the current authentication attempt, and the replaying of a previous authentication. It's technically possible, but it's expensive to do. You need a tamper-resistant device and some key material, but designing the protocols that use that device will be quite delicate.
Anyway, leaving aside the theoretical problem, there's a straight-up practical one. If someone steals your password/s, you can fix the situation. It might involve some frantic letter writing, password changing and money losses, but ten years later you'll be OK. Suppose someone steals your fingerprint: they have a rubber mould of your finger of reasonable fidelity. Now what? The same problem applies to iris scanners (which can usually be fooled by photographs): once someone has a copy of your biometric, you are completely finished. You can't get a new one.
Palm vein readers are a bit better, because they can distinguish between live people and dead people or photographs of live people (they track the changes in the haemoglobin), but they still have all the problems about replaying messages. An attacker who can run malware on a machine that is performing a biometric authentication can fake that authentication later, given almost any reasonable assumptions about the attacker's capability. That's why you don't read much about biometric authentication in the literature these days.
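The challenge-response design the post above alludes to (a tamper-resistant device holding key material, and a server that can tell a fresh authentication from a replayed one), as an added Python example that is not from the thread: the device signs a one-time server nonce with an HMAC only after a local match, and the server rejects any message whose nonce it did not just issue, placed beside the replayable "yes, I've authenticated, honest" message the post describes. The shared key, the nonce length, the domain label and the liveness flag are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

DOMAIN = b"biometric-match-ok|"   # label bound into every MAC (assumption)

def naive_verify(message: bytes) -> bool:
    # The post's "yes, I've authenticated locally, honest" design: the server
    # accepts a fixed message, so a copy captured once works forever.
    return message == b"LOCAL_MATCH_OK"

class Server:
    """Verifier: hands out one-time nonces and checks the device's MAC."""
    def __init__(self, device_key: bytes):
        self.key = device_key
        self.outstanding = set()        # nonces issued but not yet answered
    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce
    def verify(self, nonce: bytes, tag: bytes) -> bool:
        if nonce not in self.outstanding:   # unknown or already used: replay
            return False
        self.outstanding.discard(nonce)     # each challenge is answered once
        expected = hmac.new(self.key, DOMAIN + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

class Device:
    """Tamper-resistant reader (assumed): the key never leaves it, and it
    only answers a fresh nonce after a live match (modelled as a flag)."""
    def __init__(self, key: bytes):
        self._key = key
    def respond(self, nonce: bytes, live_match: bool):
        if not live_match:
            return None                     # no match, nothing to capture
        return hmac.new(self._key, DOMAIN + nonce, hashlib.sha256).digest()

def run_scenarios() -> dict:
    key = secrets.token_bytes(32)           # shared at enrolment (assumption)
    server, device = Server(key), Device(key)
    n1 = server.challenge()
    t1 = device.respond(n1, live_match=True)    # malware captures (n1, t1)
    n2 = server.challenge()                     # a later, fresh challenge
    return {
        "naive_replay_accepted": naive_verify(b"LOCAL_MATCH_OK"),
        "genuine_accepted": server.verify(n1, t1),
        "replay_rejected": not server.verify(n1, t1),
        "old_tag_new_nonce_rejected": not server.verify(n2, t1),
    }
```

The nonce set is the whole point: the server never decides on the basis of what the device claims, only on whether this particular challenge was answered with the right key, exactly once.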