Researchers have found critical vulnerabilities in fingerprint sensor-enabled laptops that may allow hackers to break in. These vulnerabilities are severe enough that using these, the researchers were able to completely bypass Microsoft Hello authentication. The new finding is concerning as many Windows laptop users use this added layer of protection to secure their devices, and hackers may take advantage of this to steal sensitive personal and financial information from users. During the study, the team was able to crack three different laptops — Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro — using these Microsoft Hello vulnerabilities.
Microsoft's Offensive Research and Security Engineering (MORSE) approached Blackwing Intelligence to conduct a study to evaluate the security of the top three fingerprint sensors embedded in laptops. These fingerprint sensors are also commonly used for Microsoft Hello authentication.
The research was conducted for a period of three months, during which, all the three abovementioned laptops were broken into despite the presence of Microsoft Hello protection. Interestingly, the study reveals that all of the fingerprint sensors tested upon were “match on chip” or MoC type sensors instead of match on host type sensors. The former is generally considered to be more secure than the latter.
Dell Inspiron 15 emerged as a particularly vulnerable target during the testing period. It was found that the device displayed a number of concerns including poor coding quality and clear text communication.
In conclusion, Blackwing Intelligence found, “Microsoft did a good job designing SDCP to provide a secure channel between the host and biometric devices, but unfortunately device
Read more on tech.hindustantimes.com