Current Events: No need for jello, fingerprint USB sticks are easy to crack.

By jimg at 9:02 pm on March 16, 2008

No need to go to great lengths to spoof the fingerprint scanners on USB sticks. You can just tell the device that the data is public. Researchers discovered this vulnerability in fingerprint USB data sticks from 9pay and A-Data. The vulnerability lies in a fundamental design flaw: the signal to access the data comes from the PC and is not computed on board the chip. This means all one has to do is send the correct signal, and the stick happily discloses the data. This can be done with a very simple command from an open-source utility. The manufacturers admitted they were aware of the vulnerability, but said it was difficult enough that most people wouldn’t figure it out. A fine example of attempted security through obscurity.

The vulnerability is another instance of not checking the ends of a secure system. Just as the “secure” credit card decrypters pipe plaintext bits out of their serial ports, the wrong part of the fingerprint system is secured. A common pitfall in securing systems seems to be operating in tunnel-vision mode, where security engineers have a specific target attack in mind and build the system to protect against that without closing or even considering other gaping holes. In this case, it seems like the designers just don’t really care that the device is not secure as long as they sell it.

Bottom line is you’re better off with encrypted data or a good password.
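
The design flaw described above, and the closing advice to prefer encryption or a good password, modelled as an added example (not code from the original post, the researchers, or either vendor). The class names, the `UNLOCK` command string and the HMAC-based stand-in cipher are assumptions made for illustration; a real product would use a vetted cipher such as AES.

```python
import hashlib
import hmac
import os

class HostTrustedStick:
    """Flawed model: the PC decides the fingerprint matched, then tells the stick."""
    def __init__(self, data):
        self._flash, self._public = data, False   # private area stored in the clear
    def handle_command(self, cmd):
        if cmd == "UNLOCK":           # hypothetical command name
            self._public = True       # stick cannot tell who sent it, or why
    def read(self, password=None):
        return self._flash if self._public else None

def _keystream(key, nonce, n):        # stand-in cipher: HMAC-SHA256 in counter mode
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class EncryptedStick:
    """Contrast: flash holds only ciphertext; the key comes from the password."""
    def __init__(self, data, password):
        self._salt, self._nonce = os.urandom(16), os.urandom(16)
        enc, mac = self._derive(password)
        self._flash = _xor(data, _keystream(enc, self._nonce, len(data)))
        self._tag = hmac.new(mac, self._nonce + self._flash, hashlib.sha256).digest()
    def _derive(self, password):
        k = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000, dklen=64)
        return k[:32], k[32:]         # encryption key, MAC key; neither is stored
    def handle_command(self, cmd):
        pass                          # a host "unlock" signal has nothing to flip
    def read(self, password=None):
        if password is None:
            return None
        enc, mac = self._derive(password)
        tag = hmac.new(mac, self._nonce + self._flash, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._tag):
            return None               # wrong password: integrity check fails
        return _xor(self._flash, _keystream(enc, self._nonce, len(self._flash)))

def try_without_secret(stick):
    """What a host that never presented a finger or password gets back."""
    stick.handle_command("UNLOCK")
    return stick.read()
```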

Filed under: Current Events, Privacy
