Home > Latest News > Researchers Reveal Flaw With Microsoft’s Windows

Researchers Reveal Flaw With Microsoft’s Windows

Windows Hello fingerprint authentication sensors appear to be less secure than manufacturers hoped. Researchers discovered security flaws in multiple sensors used in various laptops with the feature.

Blackwing Intelligence researchers uncovered laptops made by Dell, Lenovo, and Microsoft can have the Hello fingerprint authentication bypassed due to vulnerabilities in the sensors.

Many of the brands use sensors from Goodix, Synaptics, and ELAN. The vulnerabilities are starting to surface as businesses transition to biometrics as a primary way to access devices.

As we progress through time, passwords will slowly become obsolete. Microsoft claimed, three years ago, that 85% of users were opting for the Hello sign-in on Windows 10 devices.

Following a request from Microsoft’s Offensive Research and Security Engineering (MORSE), researchers shared details of multiple attacks plaguing fingerprint authentication enabled devices.

One attack is a man-in-the-middle (MitM) attack, which is used to access stolen laptops. Another method is an “evil maid” attack, which is used on unattended devices.

Researchers tested a Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X, which saw all fall victim to multiple bypass methods.

It was noted the bypassing entailed reverse engineering of the hardware and software. Flaws were found in the security layer of the Synaptics sensor. Windows Hello was required to be decoded and restructured to get past the setup, but was still vulnerable to hacking.

It was also noted Microsoft’s Secure Device Connection Protocol (SDCP) is a decent attempt to apply security measures within the biometric standard, allowing for more secure communication between the sensor and the laptop.

It was revealed though, that not all manufacturers applied the feature well enough for it to be effective, if enabled at all. Two out of three examined had the feature enabled.

Blackwing Intelligence noted the initial remedy is to secure Windows Hello laptops with SDCP also enabled.

The study comes after a 2021 facial recognition biometric flaw inside Windows Hello, allowing users to bypass the feature with specific alterations.

The company was forced to update the feature after proof was found that users with masks and plastic surgery could bypass the authentication.



You may also like
Creepy Stalking Glasses Offer Grim Peek Into Future
Copilot+ PC Upgrade Deals With Fears Over Recall Feature
Windows 11 Update Delivers New Features To Copilot+ PCs
Dell & Tabcorp Order Workers Back To The Office
Google Files EU Antitrust Complaint Against Microsoft

Popular Posts

Amazon Releases Three New AI-Enabled Fire HD 8 Tablets
Latest News
/
/
Apple Watch Series 10
Apple Pulls Buggy WatchOS 11.1 Beta 3 Update
Latest News
/
/
New Moto Buds Launched In Australia
Latest News
/
/
SmartThings Feature Unveiled At Samsung Dev Conference
Latest News
/
/
Just An ‘Accounting Issue’ Claims Harry” Chatlani After Being Sued By Kogan
Latest News
/
/

Digital Magazines

Recent Post

Amazon Releases Three New AI-Enabled Fire HD 8 Tablets
Latest News
/
//
Comments are Off
Amazon has unveiled three new Fire HD 8 tablets: the Fire HD 8 (2024), Fire HD 8 Kids, and Fire...
Read More