‘Biologger – A Biometric Keylogger’


In the paper linked at the end, IRM realized a proof-of-concept implementation of a biometric keylogger, or ‘Biologger’. While conventional keyloggers are typically used to obtain passwords or encryption keys to circumvent specific security measures, IRM’s Biologger will aim to capture biometric-related data between a biometric device and other processing units, to be used and exploited in a number of potential attack vectors against the biometric system, such as manipulation of biometric data and control signals, as per traditional man-in-the-middle attacks.


The information has been provided by Andy Davis.
The original article can be found at: http://www.irmplc.com/index.php/69-Whitepapers


The aim of this whitepaper is not to discourage the use of biometric access control systems, but to encourage security by design with such products and their deployments, and to highlight the possibilities open to attackers or malicious employees with no more than the ability to intercept traffic between such devices and other processing units. Biometric device manufacturers and system integrators cannot rely on security through obscurity alone for the overall security of their devices and systems. Deployment of biometric access control systems within existing infrastructures such as IP networks should involve careful identification of the network traffic routing and the accessibility of biometric-related data on those networks. Without adequate protection of the confidentiality, integrity and availability of biometric access control devices and their data, the threat of ‘Biologging’ activities within those enterprises employing such access control is real.

