
I'm a huge supporter of using smartcards to go around this type of threat, but most biometric applications are not, so this can be important information. It has to do with systems that have some kind of exposure to the data between the reader itself and the processing unit.
Keep in mind - the hacker would need access to the data transmission to the database used to authenticate and control. If that's part of the reader - then I'm fairly confident that this does not apply unless the reader's easy to pop open. Even then it's a different process than what's outlined here.
This focuses on systems where the reader is connected - via LAN/WAN - to a control server or backup server. I want to highlight the backup server angle. This is a historically loosely secured method that always deserves a second look. You may only be connecting to the backup server once a day or even longer, but when you do - look at how that's done specifically.
Information Risk Management PLC is the company who released this.
The Register published the article
Packet Storm hosts the paper
(image from IQBio)



