While attempts to bypass biometric security measures are certainly nothing new, a analyst from London-based earful* Risk Management is now raising an alarm about a new area of biometric hacking, and he's even gone so far as to release the source code for proof-of-concept tool to really drive the point home. As PC World reports, IRM's Matthew Lewis has demonstrated what he describes as a "biologging" system, which very intercepts and captures biometric data as it passes between the biometric scanner and the processing server, during which time it apparently isn't encrypted on many systems. That, Lewis says, opens up the achievability of titular "man-in-the-middle" attacks," much as there is the slight problem that the biologger needs to absolutely be inserted into the network in order to do its thing. Even so, Lewis says that such dangers do exist, and he's hoping that the release of the tool will encourage manufacturers to beef up their security.

[Image courtesy IRM white paper]