Skip to main content

Windows may have a serious security problem on its hands

A finger pressing on a fingerprint reader on a laptop.
Digital Trends

The premier sensors enabling Windows Hello fingerprint authentication are not as secure as manufacturers had hoped. Researchers have discovered security flaws in a number of fingerprint sensors used in several laptops that work with the Windows Hello authentication feature.

Security researchers at Blackwing Intelligence have uncovered that laptops made by Dell, Lenovo, and Microsoft can have their Windows Hello fingerprint authentication bypassed easily due to vulnerabilities in the sensors that can cause them to be taken over by bad actors at the system level.

Many of the laptop brands use fingerprint sensors from Goodix, Synaptics, and ELAN. These vulnerabilities are beginning to arise as businesses transition to biometrics as a primary option for accessing devices. As time goes on, password use will continue to diminish. Three years ago, Microsoft claimed that 85% of its users were opting for a Windows Hello sign-in on Windows 10 devices over a password, according to The Verge.

On request from Microsoft’s Offensive Research and Security Engineering (MORSE), researchers shared details of various attacks that have plagued fingerprint authentication-enabled laptops at the brand’s BlueHat conference in October.

One such attack is a man-in-the-middle (MitM) attack, which can be used to access a stolen laptop. Another method is an “evil maid” attack, which can be used on an unattended device.

Blackwing Intelligence researchers tested a Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X, which all fell victim to various bypass methods as long as someone had previously used their fingerprint to access the devices. The researchers noted that the bypassing entailed reverse engineering of the hardware and software on the laptops. They found flaws in the security layer of the Synaptics sensor, in particular. Windows Hello needed to be decoded and restructured to get past its setup, but it was still able to be hacked.

Researchers noted that Microsoft’s Secure Device Connection Protocol (SDCP) is a solid attempt at applying a security measure within the biometric standard. It allows for more secure communication between the biometric sensor and its laptop. However, not all manufacturers implemented the feature well enough for it to be effective, if they enabled it at all. Two out of the three laptops examined in the study had SDCP enabled.

Having more secure biometric laptops won’t only be a task for Microsoft. An initial remedy for securing Windows Hello-enabled laptops is also to have SDCP enabled on the manufacturer’s side, Blackwing Intelligence noted.

This study follows a 2021 facial recognition biometrics flaw in Windows Hello that allowed users to bypass the feature with certain alterations. Microsoft was forced to update its feature after researchers presented a proof of concept showcasing users with masks or plastic surgery bypassing Windows Hello facial recognition authentication.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Chrome has a security problem — here’s how Google is fixing it
Google Chrome icon in mac dock.

Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates.

The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.

Read more
Nvidia may have finally fixed its melting power connectors
The RTX 4070 graphics card on a pink background.

The 12VHPWR connector used in some of Nvidia's best graphics cards works well for most people -- but not for everyone. There have been reports of the connector melting inside the case, rendering the GPU unusable.

Nvidia seems to have learned from this experience, though. As it turns out, the Founders Edition of the RTX 4070 is no longer using 12VHPWR. Will the change be the remedy to these problems?

Read more
Common Windows 11 problems and how to fix them
Person using Windows 11 laptop on their lap by the window.

Windows 11 might be Microsoft's best operating system yet, but that doesn't mean it's free of problems. There are still bugs to iron out, as well as issues that crop up from everyday use that anyone can experience. We've certainly faced our fair share of them while reviewing the latest laptops since Windows 11 launched a couple of years ago.

Have you experienced a problem with Windows 11? You're not alone. Here are some of the most common issues with Windows 11 and how to fix them.
No sound in Windows 11

Read more