Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops
Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.
Blackwing Intelligence security researchers discovered vulnerabilities during research sponsored by Microsoft's Offensive Research and Security Engineering to assess the security of the top three embedded fingerprint sensors used for Windows Hello fingerprint authentication.
To counteract attacks that would exploit these weaknesses, Microsoft developed the Secure Device Connection Protocol, which should've ensured that the fingerprint device was trusted and healthy and that the input between the fingerprint device and the host was protected on the targeted devices.
Despite this, the security researchers successfully bypassed Windows Hello authentication using man-in-the-middle attacks on all three laptops, leveraging a custom Linux-powered Raspberry Pi 4 device.
On Dell and Lenovo laptops, authentication bypass was achieved by enumerating valid IDs and enrolling the attacker's fingerprint using the ID of a legitimate Windows user.
Microsoft said three years ago that the number of users signing into their Windows 10 devices using Windows Hello instead of using a password grew to 84.7 percent from 69.4 percent in 2019.