Security Researchers Bypassed Windows Hello Fingerprint Login
November 28, 2023 By Raulf Hernes
Is your computer's fingerprint scanner secure? Some smart people at Blackwing Intelligence discovered a way to fool the fingerprint system on Dell, Lenovo, and Microsoft laptops. They did this to show that the businesses making these laptops need to be extra cautious about safety.
Microsoft asked Blackwing Intelligence to check if their fingerprint component, called Windows Hello, was safe. Blackwing Intelligence got three months to work on this task before a conference in October 2023. They selected three popular laptops: Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X. These laptops use different fingerprint sensors (Goodix, Synaptics, and ELAN).
Blackwing Intelligence found issues with each laptop's fingerprint sensor. They used a special USB device to take advantage of those issues and get around the fingerprint login. Microsoft has a security feature called Secure Device Connection Protocol (SDCP), but it doesn't work properly on the ThinkPad T14 and Surface Pro X. Blackwing Intelligence also figured out a way to get past the Inspiron 15's SDCP by transferring the fingerprint data to Linux.
Surprisingly, the Surface Pro X was the easiest to trick. Even though it's made by Microsoft and uses a unique Windows device, any USB device can pretend to be the Surface Pro X's fingerprint sensor. The only real challenge was a check on how many fingerprints the detachable keyboard had registered.
The good news is that these tricks need someone to physically touch your laptop. So, if you're worried about it, you can turn off fingerprint login. But this research shows that laptop companies, including Microsoft, need to be more careful about security.
Blackwing Intelligence wants all laptop and fingerprint sensor companies to use SDCP and get outside experts to check their security. For more details, you can read Blackwing Intelligence's blog post or watch their conference presentation called "A Touch of Pwn."