Reply to post: Re: Salt free

Clock blocker: Woman sues bosses over fingerprint clock-in tech

BinkyTheMagicPaperclip Silver badge

Re: Salt free

The third use case, which I've outlined below, is to synchronise biometrics back down to a replacement clock. Re-registering hundreds of employees is a little tedious.

If Kronos offer a fully managed service, it is entirely possible that they are hosting a clock server in addition to any HR solutions they provide (no idea, though).

This really is tinfoil hat territory. I mean, theoretically, IF you captured someone's fingerprint, then somehow turned it into a full fingerprint form that would work with a clock with a proper sensor (which would have to be the clocks only for the employee's work, or at least the same type of clock and sensor if you've hacked the clock server and downloaded all the templates to a clock), then either broke into the clock or the clock server, and determined the employee number. Then broke into the system with the employee's HR data, and then obtained personal information it's oh so very theoretically an issue.

However it would be far *far* easier to

1) Steal their fingerprint by dusting/etc if you want the fingerprint. After all you can't get their finger print from the clock.

2) Break/socially engineer access into the HR system based on more easily obtained employee information.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020