Cybersecurity Firm Successfully Bypasses Microsoft’s Windows Hello Fingerprint Authentication 

Source :  MalayMail

Image :  Springbroad

If you have a Windows laptop with a fingerprint sensor, you might use it to sign in with Microsoft’s Windows Hello. However, not all laptops with this feature are equally secure. 

Cybersecurity firm Blackwing Intelligence discovered security problems with fingerprint sensors on certain laptops. Microsoft’s MORSE team asked Blackwing to check the three most popular fingerprint sensors used in Windows Hello. Blackwing found vulnerabilities and successfully bypassed Windows Hello on different devices. 

They tested three laptops: Dell Inspiron 15, Lenovo Thinkpad T14s, and Microsoft Surface Pro X. Each had a fingerprint sensor from a different company: Goodix, Synaptics, and ELAN. Blackwing found unique vulnerabilities for each device and successfully bypassed Windows Hello in three ways. 

For the Dell Inspiron 15, they manipulated the biometric process by booting into Linux and using a man-in-the-middle attack. The Lenovo ThinkPad T14s lacked Microsoft’s SDCP, and even though the sensor supported it, Lenovo disabled it, using Synaptics’ custom protocol, which Blackwing bypassed. 

Surprisingly, the Microsoft Surface Pro X was the easiest to bypass. SDCP wasn’t implemented, and there was no authentication protocol. This meant any USB device could be recognized as the ELAN fingerprint sensor, unlocking the device. 

Blackwing stressed the effectiveness of SDCP and urged laptop manufacturers to enable it on Windows Hello fingerprint sensors before shipping. 

Note: This article is an original information from MalayMail and For the full details, please check the original source.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *