Found storing user fingerprints without encryption
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
fprintd | Fix Released | Unknown | |
Debian | Confirmed | Unknown | |
apparmor (Ubuntu) | Won't Fix | Undecided | Unassigned |
fprintd (Ubuntu) | Triaged | Low | Unassigned |
Bug Description
Dear all,
I would like to report a new issue as follows.
‘fprintd’ saves fingerprint data, ISO/IEC 19794-2 formatted, to a file on the host without any encryption.
Though fprintd generates the fingerprint image with root permission to protect the file from attackers, this is not in itself sufficient.
It has been a well-known threat model for about a decade that formatted fingerprint data can be restored to the original image.
[1-4] present approaches to create sophisticated and natural-looking fingerprints only from the numerical template data format as defined in ISO/IEC 19794-2.
They also successfully evaluated these approaches against a number of undisclosed state-of-the-art algorithms and the NIST Fingerprint Image Software.
We need improvements for those issues.
[1] R. Cappelli et al., “Fingerprint Image Reconstruction from Standard Templates”, IEEE Trans. on Pattern Analysis and Machine Intelligence, vol.29, no.9, pp.1489-1503, 2007.
[2] A. Ross et al., “From template to image: Reconstructing fingerprints from minutiae points”, IEEE Trans on Pattern Analysis and Machine Intelligence, vol.29, no.4, pp.544-560, 2007.
[3] R. Cappelli et al., “Can Fingerprints be reconstructed from ISO Templates?”, IEEE ICARCV 2006.
[4] J. Feng et al., “Fingerprint Reconstruction: From Minutiae to Phase”, IEEE Trans on Pattern Analysis and Machine Intelligence, vol.33, no.2, pp.209-223, 2011.
Sincerely,
Seong-Joong Kim
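An added example, not part of the original report and not fprintd code: a check that tells a readable minutiae record from an opaque blob, showing that coordinates and angles can be read straight out of an unencrypted template file. The record layout (24-byte general header, 4-byte view header, 6-byte minutiae) is an assumption based on the 2005 edition of ISO/IEC 19794-2; the function names and both sample inputs are constructed.

```python
import hashlib
import struct

MAGIC = b"FMR\x00"  # format identifier that opens a minutiae record
# Assumed general header: magic, version, total length, capture device,
# image width/height, x/y resolution, number of finger views, reserved byte.
HEADER = struct.Struct(">4s4sIHHHHHBB")  # 24 bytes, big-endian
MINUTIA = struct.Struct(">HHBB")         # type+x, reserved+y, angle, quality

def classify_template(blob: bytes) -> dict:
    """Report whether a stored blob is a readable (unencrypted) template."""
    if len(blob) < HEADER.size or blob[:4] != MAGIC:
        return {"plaintext": False}
    _, _, length, _, width, height, _, _, views, _ = HEADER.unpack_from(blob)
    minutiae = []
    off = HEADER.size + 4  # skip the 4-byte view header
    if views and len(blob) >= off:
        count = blob[off - 1]  # last view-header byte: number of minutiae
        for _ in range(count):
            if off + MINUTIA.size > len(blob):
                break  # truncated record: stop instead of reading past the end
            xw, yw, angle, _q = MINUTIA.unpack_from(blob, off)
            # Low 14 bits carry the coordinate; angle is in 360/256 degree steps.
            minutiae.append((xw & 0x3FFF, yw & 0x3FFF, angle))
            off += MINUTIA.size
    return {"plaintext": True, "length_ok": length == len(blob),
            "image": (width, height), "minutiae": minutiae}

def build_sample() -> bytes:
    """Constructed record with three made-up minutiae (not real biometric data)."""
    points = [(100, 120, 32), (200, 80, 128), (50, 300, 200)]
    view = bytes([1, 0, 90, len(points)])  # position, view/impression, quality, count
    body = b"".join(MINUTIA.pack((1 << 14) | x, y, a, 60) for x, y, a in points)
    total = HEADER.size + len(view) + len(body) + 2
    head = HEADER.pack(MAGIC, b" 20\x00", total, 0, 400, 400, 197, 197, 1, 0)
    return head + view + body + b"\x00\x00"  # empty extended-data block

# Stand-in for an encrypted file: opaque bytes with no recognisable header.
OPAQUE_SAMPLE = hashlib.sha256(b"constructed opaque blob").digest()

if __name__ == "__main__":
    print(classify_template(build_sample()))
    print(classify_template(OPAQUE_SAMPLE))
```

A file that classifies as plaintext exposes every minutia to anyone who can read it, so file permissions are then the only control protecting the template.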
information type: Private Security → Public Security
Changed in fprintd:
status: Unknown → New
no longer affects: apparmor (Debian)
Changed in debian:
status: Unknown → Confirmed
Changed in fprintd:
status: New → Fix Released
Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1693356
Upstream Bug: https://gitlab.freedesktop.org/libfprint/fprintd/issues/16