Major vulnerabilities in laptop fingerprint sensors found! Hackers can even bypass Microsoft Hello
Researchers have found critical vulnerabilities in fingerprint sensor-enabled laptops and highlighted that these can even let hackers bypass Microsoft Hello authentication.
Researchers have found critical vulnerabilities in fingerprint sensor-enabled laptops that may allow hackers to break in. The vulnerabilities are severe enough that the researchers were able to use them to completely bypass Microsoft Hello authentication. The finding is concerning because many Windows laptop users rely on this added layer of protection to secure their devices, and hackers may take advantage of the flaws to steal sensitive personal and financial information from users. During the study, the team was able to crack three different laptops (Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro) using these Microsoft Hello vulnerabilities.
Microsoft's Offensive Research and Security Engineering (MORSE) approached Blackwing Intelligence to conduct a study to evaluate the security of the top three fingerprint sensors embedded in laptops. These fingerprint sensors are also commonly used for Microsoft Hello authentication.
Research finds big vulnerabilities in laptops with fingerprint sensors
The research was conducted over a period of three months, during which all three of the abovementioned laptops were broken into despite the presence of Microsoft Hello protection. Interestingly, the study reveals that all of the fingerprint sensors tested were “match on chip” (MoC) sensors rather than match-on-host sensors. The former is generally considered to be more secure than the latter.
The Dell Inspiron 15 emerged as a particularly vulnerable target during the testing period. The device was found to have a number of problems, including poor coding quality and clear text communication.
In conclusion, Blackwing Intelligence found, “Microsoft did a good job designing SDCP to provide a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to misunderstand some of the objectives. Additionally, SDCP only covers a very narrow scope of a typical device's operation, while most devices have a sizable attack surface exposed that is not covered by SDCP at all”.
It also added recommendations for vendors, such as making sure that SDCP is enabled and having a qualified third-party expert conduct an audit.