Hello,
I had an idea to use a capacitive fingerprint reader/sensor in one of my projects, so I did a little research on them. The number of readers available for hobbyists seems to be quite limited and seems to be well represented by the Waveshare offer:
https://www.waveshare.com/product/uart-fingerprint-sensor-d.htm
So, as I see it, the biggest reason for using a sensor like that is to prevent unwanted physical access. In that case, how does it make any sense that those sensors have no protection mechanisms for the MCU <-> sensor communication?
How they work is that first you configure them with your fingerprint(s) and then, when you touch the reader, it will notify the MCU that there is a fingerprint and it will send the index of the stored fingerprint (0 if there was no match). So the only thing you need to do to unlock the device is:
- remove the fingerprint sensor
- connect to the MCU via UART that the sensor was using
- notify the MCU that there is a fingerprint ready
- respond to the MCU saying that the fingerprint was one of the valid ones
... and bam you've just unlocked the device!
Some of them give you the ability to set a password, but the only benefit of doing so is that it might slow someone down when trying to get your fingerprint data from the sensor itself (slow down, because you can still brute-force the password once you have access to the sensor). It doesn't really do anything for the comms between the MCU and the sensor, and if you want to get that password, you can simply eavesdrop on it before disconnecting the sensor from the MCU, since it's transmitted in plain text.
So am I missing something here? What's the point of using them? Is it only for projects that can guarantee (if such a feat was even possible) that the sensor cannot be disconnected from the rest of the device?
I should mention that there is always an option to use a raw fingerprint sensor (e.g. FPC1020), but then you need to write the storing/matching algorithm yourself and I don't think that's worth the time investment (especially with the seemingly limited number of resources on the subject).
And if you want to comment that once an attacker has physical access to the device you're doomed anyway then yeah sure. But we shouldn't make it easier for them. Decapping a chip, injecting faults or doing power analysis is much more work than eavesdropping on a UART line, and once you do that you have a fully unlocked device. Just like that.
Ok <rant off>. Comments welcome
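The exchange described in the post, as an added example that is not part of the original post and not Waveshare's code: the page shows no protocol details, so the message names, the MCU-side logic and the shared key below are my assumptions. The first part models the MCU trusting a "finger present" notification followed by a template index (0 for no match), and the spoof of replacing the module on the UART. The second part shows what the link would need, a per-attempt nonce from the MCU and a keyed MAC from the module over that nonce and the index, for both the spoof and a replayed eavesdropped exchange to fail.

```python
"""Simulation of an MCU <-> fingerprint-module UART link (hypothetical framing).

Nothing here is the real module's protocol; it models only the behaviour the
post describes and contrasts it with an authenticated challenge-response link.
"""
import hashlib
import hmac
import os

# Hypothetical message kinds for the unauthenticated link (assumption).
FINGER_PRESENT = "finger_present"
MATCH_RESULT = "match_result"


class Mcu:
    """MCU side as the post describes it: a non-zero index from the wire unlocks."""

    def __init__(self):
        self.finger_pending = False
        self.unlocked = False

    def on_uart(self, msg):
        kind = msg[0]
        if kind == FINGER_PRESENT:
            self.finger_pending = True
        elif kind == MATCH_RESULT and self.finger_pending:
            index = msg[1]
            self.finger_pending = False
            if index != 0:  # any stored-template index counts as a valid finger
                self.unlocked = True
        return self.unlocked


def spoofed_sensor_attack():
    """Attacker removes the module and drives the MCU's UART directly."""
    mcu = Mcu()
    mcu.on_uart((FINGER_PRESENT,))        # "there is a finger on the reader"
    return mcu.on_uart((MATCH_RESULT, 1))  # "it matched template #1" -> unlocked


# --- Authenticated variant: what the link would need (assumption, not offered by the module) ---

# Constructed shared secret; in practice provisioned into MCU and module at pairing time.
KEY = b"example-pairing-key-not-a-real-secret"


def sensor_answer(key, nonce, index):
    """Module side: MAC over the MCU's nonce and the reported template index."""
    return hmac.new(key, nonce + bytes([index]), hashlib.sha256).digest()


class AuthMcu:
    """MCU side of a challenge-response link: fresh nonce per finger event."""

    def __init__(self, key):
        self.key = key
        self.nonce = None
        self.unlocked = False

    def on_finger_present(self):
        self.nonce = os.urandom(16)
        return self.nonce  # challenge sent to the module over the same UART

    def on_match_result(self, index, tag):
        nonce, self.nonce = self.nonce, None  # nonce is single-use
        if nonce is None:
            return False
        expected = sensor_answer(self.key, nonce, index)
        if index != 0 and hmac.compare_digest(tag, expected):
            self.unlocked = True
        return self.unlocked


def authenticated_genuine():
    """Real module holding the key: unlock succeeds."""
    mcu = AuthMcu(KEY)
    nonce = mcu.on_finger_present()
    return mcu.on_match_result(1, sensor_answer(KEY, nonce, 1))


def authenticated_spoof():
    """Attacker on the wire without the key can only guess the tag."""
    mcu = AuthMcu(KEY)
    mcu.on_finger_present()
    return mcu.on_match_result(1, os.urandom(32))


def authenticated_replay():
    """Attacker eavesdropped one genuine exchange, then replays it later."""
    earlier = AuthMcu(KEY)
    old_nonce = earlier.on_finger_present()
    captured_tag = sensor_answer(KEY, old_nonce, 1)   # seen on the UART earlier
    victim = AuthMcu(KEY)
    victim.on_finger_present()                        # new nonce, so the old tag is stale
    return victim.on_match_result(1, captured_tag)


if __name__ == "__main__":
    print("plain link, spoofed sensor unlocks:", spoofed_sensor_attack())
    print("auth link, genuine module unlocks:", authenticated_genuine())
    print("auth link, spoofed module unlocks:", authenticated_spoof())
    print("auth link, replayed exchange unlocks:", authenticated_replay())
```

The authenticated variant only helps if the key lives inside the module's firmware and the MCU, which is exactly what the off-the-shelf modules in the post do not offer; the module's optional password protects the stored templates, not this exchange, and since it crosses the same UART in the clear it adds nothing here.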