November 22, 2023 at 02:09PM
Security researchers discovered vulnerabilities in fingerprint sensors on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops. The researchers were able to bypass Windows Hello fingerprint authentication using man-in-the-middle attacks. Microsoft’s Secure Device Connection Protocol (SDCP) was supposed to prevent these attacks, but it was not enabled on two of the laptops. The researchers recommend that vendors enable SDCP on biometric authentication solutions.
Based on the meeting notes, here are the key takeaways:
1. Security researchers discovered vulnerabilities in the embedded fingerprint sensors used for Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops.
2. The vulnerabilities allowed the researchers to bypass Windows Hello authentication using man-in-the-middle (MiTM) attacks.
3. The researchers used software and hardware reverse-engineering, broke cryptographic implementation flaws, and decoded proprietary protocols to exploit the vulnerabilities.
4. Microsoft developed the Secure Device Connection Protocol (SDCP) to counteract these attacks, but it was not enabled on two out of three of the targeted laptops.
5. Blackwing Intelligence recommends that vendors ensure SDCP is enabled in their biometric authentication solutions to improve security.
6. Microsoft reported that an increasing number of users are using Windows Hello for device authentication instead of passwords.
These are the main points from the meeting notes. Let me know if there’s anything else you need assistance with!