Windows Hello: Microsoft’s fingerprint authentication undermined, but it’s not its fault…


Stéphane Ficca

Hardware & gaming specialist

November 23, 2023 at 6:02 p.m.


Windows Hello lets you sign in with just a look or tap © Microsoft

Security researchers recently demonstrated that certain fingerprint sensors could be used to fool Windows Hello.

You may be familiar with Windows Hello, the secure sign-in feature based on “biometric authentication”. In other words, Windows Hello allows users to log in to their devices and applications with their face or their fingerprint, along with, of course, a PIN code. At Microsoft’s request, security researchers have found flaws concerning the fingerprint sensor.

Flaws in the fingerprint sensors of certain PCs

Microsoft’s MORSE team (Microsoft Offensive Research and Security Engineering) recently asked Blackwing Intelligence to evaluate the security of fingerprint sensors. The researchers presented their findings at Microsoft’s BlueHat conference in October.

They were able to highlight security flaws present directly within the fingerprint sensors of certain computers. This is the case for certain computers from Dell and Lenovo, but also for Microsoft’s Surface Pro X.

Improperly installed biometric devices

With some knowledge of computer hacking, it would be entirely possible to fool the sensors in question, which come from Goodix, Synaptics or ELAN. The problem lies with SDCP (Secure Device Connection Protocol), which manufacturers do not always respect.

A USB device, installed between the hacker and the target computer, would allow Windows Hello security to be bypassed, provided of course that the computer is protected by fingerprint-based authentication. The researchers indicate, however, that the manipulation remains very complex, and notably requires decoding proprietary protocols and then reimplementing them. So it is not within everyone’s reach.


After the webcam in 2021, it is now the fingerprint sensor that makes it possible to fool Windows Hello © Microsoft

This is not the first time that Windows Hello security has been compromised. Already in 2021, some had managed to fool the system’s facial recognition, even if this required (among other things) obtaining an infrared image capture of the victim’s face. Microsoft then quickly corrected that flaw.

As for security, remember that Microsoft recently launched a new identification feature for Windows Hello, based on passkeys.


Source: The Verge
