2023-11-23 18:00:00
Written by Samah Labib, Thursday, November 23, 2023 08:00 PM

Researchers have discovered security vulnerabilities in a number of fingerprint sensors used in many laptops that work with the Windows Hello authentication feature; the main sensors that enable Windows Hello fingerprint authentication are not as safe as the manufacturers hoped. Security researchers at Blackwing Intelligence have discovered that Windows Hello authentication on laptops made by Microsoft can easily be bypassed due to vulnerabilities in the sensors that might cause them to be taken over by bad actors at the system level, according to a digitartlend report.

Many laptop brands use fingerprint sensors from Goodix, Synaptics, and ELAN, and these vulnerabilities are starting to emerge as companies move to biometrics as their primary option for accessing devices. Over time, password usage will continue to decrease, and three years ago Microsoft claimed that 85% of its users were choosing to sign in to Windows Hello on Windows 10 devices via a password, according to The Verge.

At the request of Microsoft’s Offensive and Security Engineering (MORSE) division, researchers shared details of various attacks that have plagued laptops that support fingerprint authentication, presenting them at the brand’s BlueHat conference in October. One such attack is a man-in-the-middle (MitM) attack, which can be used to gain access to a stolen laptop, and another is a “maid-in-the-middle” attack, which can be used on an unattended device.

Blackwing Intelligence researchers tested a few devices, all of which fell victim to various bypass methods as long as someone had previously used their fingerprint to access the devices. The researchers noted that the bypass entailed reverse engineering the hardware and software on the laptops, and they found flaws in the security layer of the Synaptics sensor. In particular, Windows Hello needed to be decrypted and refactored to bypass its setup process, but it was still vulnerable to hacking.

Researchers note that Microsoft’s Secure Device Communication Protocol (SDCP) is a strong attempt to implement a security measure within biometric standards, as it allows for a more secure connection between a biometric sensor and its laptop. However, not all manufacturers have implemented this feature well enough to be effective, if they enable it at all, and SDCP was enabled in two of the three laptops examined in the study. Making biometric laptops more secure won’t just be a mission for Microsoft: Blackwing Intelligence noted that the initial remedy for securing Windows Hello-enabled laptops is to also enable SDCP on the manufacturer’s side.

This study follows a 2021 facial recognition biometrics vulnerability in Windows Hello that allowed users to bypass the feature by making certain modifications. Microsoft was forced to update its feature after researchers presented a proof of concept that displays users with masks or plastic surgery that bypasses facial recognition authentication in Windows Hello.