‘Unhackable’ Biometric USB Offers Up Passwords in Plain Text
A USB stick dubbed eyeDisk that uses iris recognition to unlock the drive claims to be “unhackable” – only, it isn’t. After obtaining one of the gadgets, Lodge found that the device correctly paired to his eye, and he was able to unlock it using the biometric feature most of the time (two out of three attempts on average – there’s a backup password in case of failure). Using the popular network packet analyzer known as Wireshark, whose USBPcap function allows real-time packet sniffing of USB traffic, Lodge was able to determine that the device used Command Descriptor Blocks (CDB) to send commands to and from the device.
Source: threatpost.com