Windows may have a serious security problem on its hands

Digital Trends

The premier sensors enabling Windows Hello fingerprint authentication are not as secure as manufacturers had hoped. Researchers have discovered security flaws in a number of fingerprint sensors used in several laptops that work with the Windows Hello authentication feature.

Security researchers at Blackwing Intelligence have found that Windows Hello fingerprint authentication can be bypassed easily on laptops made by Dell, Lenovo, and Microsoft, due to vulnerabilities in the sensors that can let bad actors take them over at the system level.

Many of the laptop brands use fingerprint sensors from Goodix, Synaptics, and ELAN. These vulnerabilities are beginning to arise as businesses transition to biometrics as a primary option for accessing devices. As time goes on, password use will continue to diminish. Three years ago, Microsoft claimed that 85% of its users were opting for a Windows Hello sign-in on Windows 10 devices over a password, according to The Verge.

At the request of Microsoft’s Offensive Research and Security Engineering (MORSE), the researchers shared details of various attacks that have plagued fingerprint authentication-enabled laptops at Microsoft’s BlueHat conference in October.

One such attack is a man-in-the-middle (MitM) attack, which can be used to access a stolen laptop. Another method is an “evil maid” attack, which can be used on an unattended device.

Blackwing Intelligence researchers tested a Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X, which all fell victim to various bypass methods as long as someone had previously used their fingerprint to access the devices. The researchers noted that the bypasses entailed reverse engineering the hardware and software on the laptops. They found flaws in the security layer of the Synaptics sensor, in particular. Windows Hello had to be decoded and restructured to get past its setup, but it could still be hacked.

Researchers noted that Microsoft’s Secure Device Connection Protocol (SDCP) is a solid attempt at applying a security measure within the biometric standard. It allows for more secure communication between the biometric sensor and its laptop. However, not all manufacturers implemented the feature well enough for it to be effective, if they enabled it at all. Two out of the three laptops examined in the study had SDCP enabled.

Having more secure biometric laptops won’t only be a task for Microsoft. An initial remedy for securing Windows Hello-enabled laptops is also to have SDCP enabled on the manufacturer’s side, Blackwing Intelligence noted.

This study follows a 2021 facial recognition biometrics flaw in Windows Hello that allowed users to bypass the feature with certain alterations. Microsoft was forced to update its feature after researchers presented a proof of concept showcasing users with masks or plastic surgery bypassing Windows Hello facial recognition authentication.

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…