Windows PC Fingerprint Readers Compromised? Researchers Claims to Bypass Security Feature

Is this not as good as Apple's biometric security feature?

Over the years, manufacturers of Windows PCs have released fingerprint readers and biometric authentication to their laptops, and according to new research, it was found that this could be accessed and bypassed. The study sheds light on the Windows PC's security features, one of the login methods available for applicable PCs, seeing an exploit to its protective capabilities.

Computers have shipped with fingerprint readers, and for some, facial recognition systems, but what is the point of trusting these security measures if they can be hijacked?

Windows PC Fingerprint Readers Compromised? Researchers Claim

Microsoft Surface Pro
Microsoft

Blackwing Intelligence released its report regarding Windows PC's fingerprint scanning technologies, with Microsoft's Offensive Research and Security Engineering (MORSE) tapping into its services to evaluate its security.

The company claimed that it looked into the top three fingerprint sensors in Windows-powered laptops that use the Windows Hello authentication program. This includes the Dell Inspiron 15, Lenovo's ThinkPad T14, and the Microsoft Surface Pro Type Cover with Fingerprint ID for the Surface Pro 8 and X.

Its research has found that there was a vulnerability in the systems through their reverse engineering process of the software and hardware, further claiming that it was able to break cryptographic implementation flaws in a custom TLS (Transport Layer Security).

This allowed them to achieve a "full bypass of Windows Hello authentication on all three" devices.

Bypassing Biometric Security Features of Windows Laptops

Blackwing further detailed that most Windows Hello-compatible fingerprint readers use the "match on chip" sensors that are independent of the PC hardware. It is done through communication on Microsoft's Secure Device Connection Protocol.

Each PC had its weakness, with Dell implementing the SCDP but when done in Linux, it broke down. On the other hand, Lenovo and Microsoft's PCs saw a disabled SCDP. The hack was done through physical access to the said computers.

Biometrics for Security: Safety and Convenience

Biometrics have been an important player in technology now, and this is because many devices offer different kinds of authentication, mostly centering on smartphone and tablet technology. While most iPhones and Android flagships already offer face-scanning technology, others still focus on fingerprint scanners for access.

Windows PCs first offered biometric logins via the Windows Hello feature it first introduced in 2015, when the company released Windows 10.

The Passkey is one of the most significant advancements towards improving safety and convenience across different devices and platforms, offering an easier way to log in by using biometrics.

Technology's evolution has brought more safety for all, but it also saw significant lapses in authentication that may compromise a device if it remains unchecked. The recent study over Windows PCs and its Hello feature is a wake-up call for what it misses out on in terms of security, with the recent access presenting an alarming case should threat actors have the right tools capable of breaking it down.

Isaiah Richard
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics