Some fingerprint scanners used for Windows Hello authentication contain serious vulnerabilities that allow attackers to bypass security and gain access to Dell, Lenovo and Microsoft laptops. This was reported by Border.
A team of researchers at Blackwing Intelligence analyzed three common fingerprint sensors from Goodix, Synaptics and ELAN that are built into laptops and used for Windows Hello authentication. Using a special USB device, the researchers managed to fake biometric data and successfully bypass the protection of Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X laptops.
Windows Hello is an authentication system for computers running the Windows operating system that allows users to sign in to their devices using a fingerprint or face scanner. Microsoft actively promotes this feature as an alternative to passwords, saying it provides a high level of security and convenience.
However, the study by Blackwing Intelligence found that Windows Hello fingerprint sensors are not that reliable. The researchers found that two of the three devices tested did not use the Secure Device Connection Protocol (SDCP), which is designed to provide a secure channel between the host computer and biometric devices. Additionally, they found a number of other problems in the implementation of the fingerprint sensors, such as lack of authentication, incorrect error handling, and weak encryption.
The researchers warned that the vulnerabilities they discovered could be used by attackers to gain access to sensitive information, install malware or perform other malicious actions on other people’s laptops. They also noted that fixing these vulnerabilities would require a joint effort between Microsoft and manufacturers.