Blackwing Intelligence, a specialized cybersecurity firm, was recently commissioned by Microsoft to assess the security of leading fingerprint sensors embedded in laptops for Windows Hello authentication.
Focused on high-end hardware and software security, the researchers conducted an evaluation of three prominent fingerprint sensors found in laptops manufactured by Dell, Lenovo, and Microsoft’s Surface Pro series.
Following three months of meticulous research, they uncovered significant vulnerabilities in all three fingerprint sensors, enabling the complete bypass of Windows Hello authentication systems.
The evaluated laptops included the following:
The revelation of three reliable bypasses in Windows Hello authentication showcases the critical nature of these vulnerabilities.
Biometric authentication serves as a convenient login method, particularly beneficial in mobile settings. It offers users the ability to opt for longer passwords for data protection while enjoying easy device access throughout the day.
While Microsoft’s Secure Device Connection Protocol (SDCP) aimed to establish a secure link between hosts and biometric devices, manufacturers seem to misconstrue its objectives.
Moreover, SDCP’s coverage is limited and does not encompass the broader attack surface of most devices.
An alarming discovery was that two out of the three targeted devices lacked enabled SDCP, amplifying concerns regarding device security lapses.
The findings from Blackwing Intelligence raise serious questions about the efficacy of Windows Hello fingerprint authentication in ensuring robust security measures.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
