Date: Tue, 23 Apr 2019 09:41:02 +0900 From: Seong-Joong Kim <sungjungk@...il.com> To: oss-security@...ts.openwall.com Subject: fprintd: found storing user fingerprints without encryption Dear all, I would like to report a vulnerability of 'fprintd'. 'fprintd' does not encrypt sensitive information before storage. *CWE-311: Missing Encryption of Sensitive Data* *Description:* ‘fprintd’ saves fingerprint template and without any encryption, to a file on the host. This could allow a process to access the stored fingerprint and then create natural-looking original fingerprint image. The stolen template can be replayed to the fingerprint authentication to gain unauthorized access. FYI, most commercial software products for fingerprint authentication provide fingerprint data (template) encryption. *Additional information:* It was found that 'fprintd' saves fingerprint template and without any encryption, to a file on the host. This could allow a process to access the stored fingerprint. In 'fprintd', MINDTCT feature extractor from the NIST Biometric Image Software (NBIS) extracts fingerprint minutiae that are compliant to ANSI INCITS 378-2004 and ISO/IEC 197942-2. The generated template file can be easily converted to ISO/IEC 19794-2 format since it is a minor modification of the earlier ANSI-INCITS 378-2004. Currently, it is well known threat model that the standard fingerprint template can be reverted to original fingerprint image. [1-5] are presented to create sophisticated and natural-looking fingerprints only from the numerical template data format as defined in standard format. They also successfully evaluated these approaches against a number of undisclosed state-of-the-art algorithms and the NBIS. *Resolve the vulnerability:* As per upstream, the only way to safeguard the fingerprint data is to run with SELinux, AppArmor or another LSM enabled one. (link: https://gitlab.freedesktop.org/libfprint/fprintd/issues/16#note_141207) Currently, Fedora and Red Hat Enterprise Linux have a safeguard the fingerprint data since they uses SELinux by default while Ubuntu and Debian did not. *Final remark:* Once fingerprint has been leaked, victims are leaked for the rest of life since it lasts for a life. It is necessary to prepare for the problem.  R. Cappelli et al., “Fingerprint Image Reconstruction from Standard Templates”, IEEE Trans. on Pattern Analysis and Machine Intelligence, vol.29, no.9, pp.1489-1503, 2007.  A. Ross et al., “From template to image: Reconstructing fingerprints from minutiae points”, IEEE Trans on Pattern Analysis and Machine Intelligence, vol.29, no.4, pp.544-560, 2007.  R. Cappelli et al., “Can Fingerprints be reconstructed from ISO Templates?”, IEEE ICARCV 2006.  J. Feng et al., “Fingerprint Reconstruction: From Minutiae to Phase”, IEEE Trans on Pattern Analysis and Machine Intelligence, vol.33, no.2, pp.209-223, 2011.  A. Rozsa et al., "Genetic Algorithm Attack on Minutiae-Based Fingerprint Authentication and Protected Template Fingerprint Systems", CVPR 2015. Sincerely, Seong-Joong Kim
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.