November 22, 2023 at 05:39PM
Researchers have discovered vulnerabilities in Windows Hello’s fingerprint authentication system that allow hackers to bypass the security and log in as someone else. The team found flaws in the communication between the software and hardware components of laptops using fingerprint sensors from Goodix, Synaptics, and ELAN. The vulnerabilities vary across laptop models: the Dell Inspiron 15 is susceptible to an attack that uses Linux drivers to manipulate fingerprint associations, while the Microsoft Surface Pro 8/X lacks any security measures between the chip and the OS, allowing for easy login without a fingerprint.
Takeaway: Research conducted by Blackwing Intelligence on bypassing Windows Hello’s fingerprint authentication identified vulnerabilities in three laptops: the Dell Inspiron 15, the Lenovo ThinkPad T14, and the Microsoft Surface Pro 8/X. The vulnerabilities were related to the communication between the software and the hardware, rather than to an issue with Windows Hello or with using fingerprints. The researchers outlined specific methods for bypassing authentication on each laptop model. They recommended that device makers review the report to ensure the design flaws are not present in their products. They also emphasized the importance of using Microsoft’s Secure Device Connection Protocol (SDCP) and enabling the connection between the sensor chips and Windows for enhanced security. The researchers will provide further details on the vulnerabilities in the future.