Home » Technology » Hacking the fingerprint login feature on Windows computers

Hacking the fingerprint login feature on Windows computers

A group of researchers succeeded in bypassing the protection and security measures of the Windows Hello feature to log in on computers running the Windows operating system, from Dell, Lenovo, and even Microsoft computers themselves.

The security company Blackwing Intelligence indicated that its researchers were able to discover several security vulnerabilities in the fingerprint login system on Windows computers, which relies on fingerprint reading sensors from major companies such as Godex, Synaptics, and Elan, and this came within the framework of… Interactive presentation The company during the Microsoft BlueHat 2023 information security conference.

The report indicated that the seriousness of the new vulnerability lies in the widespread use of the fingerprint sensors being tested on personal computers that are widely used by business sector companies.

This discovery came in light of the collaboration of the Microsoft MORSE Attack Research and Security Engineering sector with Blackwing Intelligence to evaluate the level of security provided by fingerprint reading sensors.

USB key

The team of researchers from Blackwing Intelligence relied on developing a USB key capable of carrying out a “Man-in-the-MIddle” electronic attack on victims’ computers, which facilitates access to stolen computers or also violates the privacy of the computer owner, when he is not around. .

The researchers targeted 3 computers: the Dell Inspiron 15, the Lenovo ThinkPad T14, and the Microsoft Surface Pro

The researchers succeeded in reverse engineering the way the software parts of the Windows Hello system work, as well as the hardware components for fingerprint reading, in addition to discovering security vulnerabilities in the way the Synaptics sensor encodes fingerprint data.

In their detailed report, the researchers focused on the fact that the vulnerabilities are due to problems in the way manufacturers of fingerprint readers encrypt the data on board their devices, which opens a wide scope for hackers to target and penetrate these devices, while the researchers praised a protocol developed by Microsoft, called the Secure Device Connection Protocol, to secure data. Fingerprinting across Windows computers.

Microsoft announced in 2020 that approximately 85% of Windows 10 computer users use face or fingerprints, without relying on traditional passwords, to log in to their computers.

Bypassing the face recognition feature on the Windows Hello system is not a new incident, as a number of researchers succeeded in 2021 in circumventing the face recognition system, using an infrared image of the victim’s face, so they were able to manipulate the system and log in to the victim’s computer.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.