[Fingerforce-devel] Bug#926749: fprintd: stores user fingerprints as a standard template without encryption

Seong-Joong Kim sungjungk at gmail.com
Wed Apr 10 02:25:02 BST 2019


Package: fprintd
Version: 0.7.0-1
Severity: important

Dear Maintainer,

It was found that fprintd saves the fingerprint template, without any
encryption, to a file with root permission on the host.
This could allow a privileged process to access the stored fingerprint.
In fprintd, the MINDTCT feature extractor from the NIST Biometric Image Software
(NBIS) extracts fingerprint minutiae that are compliant with ANSI INCITS
378-2004.
The generated template file can be easily converted to the ISO/IEC 19794-2 format
since it is a minor modification of the earlier ANSI-INCITS 378-2004.
Currently, it is a well-known threat model that the standard fingerprint template
can be reverted to the original fingerprint image.
[1-5] are presented to create sophisticated and natural-looking fingerprints
only from the numerical template data format as defined in the standard format.
They also successfully evaluated these approaches against a number of
undisclosed state-of-the-art algorithms and the NBIS.

As per upstream, the only way to safeguard the fingerprint data is to run with
SELinux, AppArmor or another LSM enabled.
(link: https://gitlab.freedesktop.org/libfprint/fprintd/issues/16#note_141207)
Currently, Fedora and Red Hat Enterprise Linux have a safeguard for the fingerprint
data since they use SELinux by default, while Ubuntu and Debian do not.

Once a fingerprint has been leaked, victims are leaked for the rest of their lives
since it lasts for a lifetime.
It is necessary to prepare for the problem.


[1] R. Cappelli et al., “Fingerprint Image Reconstruction from Standard
Templates”, IEEE Trans. on Pattern Analysis and Machine Intelligence, vol.29,
no.9, pp.1489-1503, 2007.
[2] A. Ross et al., “From template to image: Reconstructing fingerprints from
minutiae points”, IEEE Trans. on Pattern Analysis and Machine Intelligence,
vol.29, no.4, pp.544-560, 2007.
[3] R. Cappelli et al., “Can Fingerprints be reconstructed from ISO
Templates?”, IEEE ICARCV 2006.
[4] J. Feng et al., “Fingerprint Reconstruction: From Minutiae to Phase”, IEEE
Trans. on Pattern Analysis and Machine Intelligence, vol.33, no.2, pp.209-223,
2011.
[5] A. Rozsa et al., “Genetic Algorithm Attack on Minutiae-Based Fingerprint
Authentication and Protected Template Fingerprint Systems”, CVPR 2015.



-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fprintd depends on:
ii  dbus                   1.10.26-0+deb9u1
ii  libc6                  2.24-11+deb9u4
ii  libdbus-1-3            1.10.26-0+deb9u1
ii  libdbus-glib-1-2       0.108-2
ii  libfprint0             1:0.6.0-2
ii  libglib2.0-0           2.50.3-2
ii  libpolkit-gobject-1-0  0.105-18+deb9u1
ii  policykit-1            0.105-18+deb9u1

fprintd recommends no packages.

fprintd suggests no packages.

-- no debconf information