Your laptop’s fingerprint sensor is convenient, but is it secure?
Manufacturers should address this problem by following strict and consistent security practices, per Blackwing Intelligence.
Microsoft asked Blackwing Intelligence to investigate Windows Hello’s fingerprint system ahead of the October 2023BlueHat conference.
Joe Robinson / How-To Geek
Unique vulnerabilities were discovered in each laptop’s Windows Hello fingerprint system.
The Blackwing Intelligence team used a custom USB equipment to exploit these vulnerabilities and bypass fingerprint login.
Technically speaking, Microsoft’s Secure unit Connection Protocol (SDCP) should protect laptops from such an attack.
Oddly, the Surface Pro X proved to be the easiest victim.
This 2-in-1 laptopshouldhave posed a unique challenge.
After all, it’s made by Microsoft and runs the niche Windows on ARM operating system.
The good news is that these man-in-the-middle (MitM) attacks require physical access to a victim’s laptop.
But this research highlights an uncomfortable factWindows laptop manufacturers, including Microsoft, are not following consistent security practices.
Source:Blackwing IntelligenceviaThe Verge
