Major vulnerabilities in laptop fingerprint sensors found! Hackers can even bypass Microsoft Hello | Tech News

Major vulnerabilities in laptop fingerprint sensors found! Hackers can even bypass Microsoft Hello

Researchers have found critical vulnerabilities in fingerprint sensor-enabled laptops and highlighted that these can even let hackers bypass Microsoft Hello authentication.

By: HT TECH
| Updated on: Nov 24 2023, 14:03 IST
Microsoft Hello
Microsoft Hello authentication can be bypassed by hackers due to vulnerabilities present in fingerprint sensors commonly used in laptops, a study by Blackwing Intelligence have found. (Reuters)
Microsoft Hello
Microsoft Hello authentication can be bypassed by hackers due to vulnerabilities present in fingerprint sensors commonly used in laptops, a study by Blackwing Intelligence have found. (Reuters)

Researchers have found critical vulnerabilities in fingerprint sensor-enabled laptops that may allow hackers to break in. These vulnerabilities are severe enough that using these, the researchers were able to completely bypass Microsoft Hello authentication. The new finding is concerning as many Windows laptop users use this added layer of protection to secure their devices, and hackers may take advantage of this to steal sensitive personal and financial information from users. During the study, the team was able to crack three different laptops — Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro — using these Microsoft Hello vulnerabilities.

Microsoft's Offensive Research and Security Engineering (MORSE) approached Blackwing Intelligence to conduct a study to evaluate the security of the top three fingerprint sensors embedded in laptops. These fingerprint sensors are also commonly used for Microsoft Hello authentication.

Research finds big vulnerabilities in laptops with fingerprint sensors

The research was conducted for a period of three months, during which, all the three abovementioned laptops were broken into despite the presence of Microsoft Hello protection. Interestingly, the study reveals that all of the fingerprint sensors tested upon were “match on chip” or MoC type sensors instead of match on host type sensors. The former is generally considered to be more secure than the latter.

Dell Inspiron 15 emerged as a particularly vulnerable target during the testing period. It was found that the device displayed a number of concerns including poor coding quality and clear text communication.

In conclusion, Blackwing Intelligence found, “Microsoft did a good job designing SDCP to provide a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to misunderstand some of the objectives. Additionally, SDCP only covers a very narrow scope of a typical device's operation, while most devices have a sizable attack surface exposed that is not covered by SDCP at all”.

It also added recommendations for vendors such as making sure that SDCP is enabled and conducting a qualified expert 3rd party audit.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 24 Nov, 13:42 IST
Tags:
NEXT ARTICLE BEGINS