Security researchers have discovered security vulnerabilities in some fingerprint sensors used in laptops that work with Windows Hello authentication. According to the report, the main sensors that use fingerprint are not as secure as expected by manufacturers.
A study by Blackwing Intelligence researchers found that laptops made by Microsoft can easily bypass their Windows Hello authentication, due to vulnerabilities in the sensors that can be exploited by bad actors at the system level. Details of these vulnerabilities were presented at the BlueHat conference in October at the request of Microsoft.
Many laptop brands use fingerprint sensors from companies like Goodix, Synaptics, and ELAN, and the vulnerabilities of these devices are emerging with the increasing use of biometrics as the primary option for accessing devices. However, it was found that some companies did not implement these vulnerabilities well or did not enable the strong SDCP security measure provided by Microsoft.
In light of these discoveries, researchers point out the need to enhance the security of laptops that support Windows Hello authentication. They recommend enabling the SDCP feature by the manufacturer, as this procedure helps provide a secure connection between the biometric sensor and the laptop. Researchers warn of the need to conduct careful security tests on hardware and software to avoid potential security vulnerabilities, as it is often necessary to reverse-engineer and restructure laptops to avoid hacking.
FAQ:
What is Windows Hello?
Windows Hello is a feature in Windows 10 that enables users to sign in to devices using biometrics such as fingerprint and facial recognition instead of a traditional password.
What is Secure Device Communication Protocol (SDCP)?
Secure Device Communication Protocol (SDCP) is a security measure that provides a secure connection between a biometric sensor and a laptop, facilitating protection and authentication of fingerprint data and device access.
What are the most prominent vulnerabilities discovered in laptops?
Multiple security vulnerabilities have been discovered in Windows Hello-enabled laptops, including vulnerabilities exploitable via man-in-the-middle and “man-in-the-middle” attacks. Eliminating these vulnerabilities requires strong security and precautionary measures.
