Date: Wed, 8 May 2019 00:44:42 +0900 From: Seong-Joong Kim <sungjungk@...il.com> To: oss-security@...ts.openwall.com Subject: Re: fprintd: found storing user fingerprints without encryption Please check the following links. - @Upstream: https://gitlab.freedesktop.org/libfprint/fprintd/issues/16 - @Ubuntu: https://bugs.launchpad.net/ubuntu/+source/fprintd/+bug/1822590 - @Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1693357 - @Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926749 - @openSUSE: https://build.opensuse.org/request/show/701312 2019년 4월 23일 (화) 오전 9:41, Seong-Joong Kim <sungjungk@...il.com>님이 작성: > Dear all, > > I would like to report a vulnerability of 'fprintd'. > > 'fprintd' does not encrypt sensitive information before storage. > *CWE-311: Missing Encryption of Sensitive Data* > > *Description:* > ‘fprintd’ saves fingerprint template and without any encryption, to a file > on the host. > This could allow a process to access the stored fingerprint and then > create natural-looking original fingerprint image. > The stolen template can be replayed to the fingerprint authentication to > gain unauthorized access. > FYI, most commercial software products for fingerprint authentication > provide fingerprint data (template) encryption. > > *Additional information:* > It was found that 'fprintd' saves fingerprint template and without any > encryption, to a file on the host. > This could allow a process to access the stored fingerprint. > In 'fprintd', MINDTCT feature extractor from the NIST Biometric Image > Software (NBIS) extracts fingerprint minutiae that are compliant to ANSI > INCITS 378-2004 and ISO/IEC 197942-2. > The generated template file can be easily converted to ISO/IEC 19794-2 > format since it is a minor modification of the earlier ANSI-INCITS 378-2004. > Currently, it is well known threat model that the standard fingerprint > template can be reverted to original fingerprint image. > [1-5] are presented to create sophisticated and natural-looking > fingerprints only from the numerical template data format as defined in > standard format. > They also successfully evaluated these approaches against a number of > undisclosed state-of-the-art algorithms and the NBIS. > > *Resolve the vulnerability:* > As per upstream, the only way to safeguard the fingerprint data is to run > with SELinux, AppArmor or another LSM enabled one. > (link: > https://gitlab.freedesktop.org/libfprint/fprintd/issues/16#note_141207) > Currently, Fedora and Red Hat Enterprise Linux have a safeguard the > fingerprint data since they uses SELinux by default while Ubuntu and Debian > did not. > > *Final remark:* > Once fingerprint has been leaked, victims are leaked for the rest of life > since it lasts for a life. > It is necessary to prepare for the problem. > >  R. Cappelli et al., “Fingerprint Image Reconstruction from Standard > Templates”, IEEE Trans. on Pattern Analysis and Machine Intelligence, > vol.29, no.9, pp.1489-1503, 2007. >  A. Ross et al., “From template to image: Reconstructing fingerprints > from minutiae points”, IEEE Trans on Pattern Analysis and Machine > Intelligence, vol.29, no.4, pp.544-560, 2007. >  R. Cappelli et al., “Can Fingerprints be reconstructed from ISO > Templates?”, IEEE ICARCV 2006. >  J. Feng et al., “Fingerprint Reconstruction: From Minutiae to Phase”, > IEEE Trans on Pattern Analysis and Machine Intelligence, vol.33, no.2, > pp.209-223, 2011. >  A. Rozsa et al., "Genetic Algorithm Attack on Minutiae-Based > Fingerprint Authentication and Protected Template Fingerprint Systems", > CVPR 2015. > > Sincerely, > Seong-Joong Kim > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.