Microsoft’s Windows Hello security, which offers a passwordless method of logging into Windows-powered machines may not be as secure as you think.
According to a blog post by Blackwing Intelligence, Microsoft’s Offensive Research and Security Engineering (MORSE) recently asked them to “evaluate the security of the top three fingerprint sensors embedded in laptops.”
Researchers working on the project found several vulnerabilities that allowed them to bypass the Windows Hello fingerprint authentication. It goes on to reveal that the fingerprint sensors used in the Lenovo ThinkPad T14, Dell Inspiron 15, Surface Pro 8 and X tablets made by Goodix, Synaptics and ELAN were susceptible to man-in-the-middle attacks.
The researchers used reverse engineering to find exploits in the fingerprint sensors and then created a USB device which allowed them to bypass the security mechanism. The blog also revealed that Microsoft has done “a good job” of enhancing security with its ‘Secure Device Connection Protocol’ and that two of the three fingerprints that were tested did not have this particular feature enabled.
However, it should be noted that researchers at the Blackwing Intelligence group needed almost three months to bypass the security authentication method, so bypassing Windows Hello is not as easy as it seems.
While it is still unclear if Microsoft will be able to fix the flaws, this is not the first time the biometric-based Windows Hello mechanism has been susceptible to attacks. In 2021, a proof of concept showed that the authentication method could be bypassed by capturing an infrared photo of a victim and showing it to Windows Hello’s facial recognition feature, following which Microsoft fixed the issue.
© IE Online Media Services Pvt Ltd
First published on: 25-11-2023 at 17:46 IST
Deepak Sen is a tech enthusiast who covers the latest technological innovations, from AI to consumer gadgets. His articles provide readers with a glimpse into the ever-evolving world of technology.
