Order the just-launched Galaxy Fold7, Flip7, or Watch8 Classic – New deal Galaxy S25 Ultra
Last updated: November 23rd, 2023 at 06:42 UTC+01:00
SamMobile has affiliate and sponsored partnerships, we may earn a commission.
Reading time: 2 minutes
Cybersecurity firm Blackwing Intelligence researchers bypassed Windows Hello on three laptops from Dell, Lenovo, and even Microsoft. Speaking at Microsoft’s BlueHat conference in Redmond, Washington, Jesse D'Aguanno and Timo Teräs showcased how they were able to go past fingerprint authentication. The laptops that were used during the demonstration were the Dell Inspiron 15, Lenovo ThinkPad T14s, and the Microsoft Surface Pro Type Cover with Fingerprint ID (for Surface Pro 8/X).
This is a serious issue because, by bypassing Windows Hello fingerprint authentication, researchers were able to get access to user accounts and user data as if they were actual users. Moreover, the vulnerability was found on fingerprint sensors from Goodix, Synaptics, and ELAN, respectively, meaning the security issue is not limited to a particular fingerprint scanner manufacturer or laptop OEM.
In a newly published blog, the researcher's team also detailed an in-depth process of building a USB device that can perform a man-in-the-middle (MitM) attack. This is again a very serious matter, as this could provide access to anyone over an unattended device. While bypassing Windows Hello fingerprint authentication was achieved, the process involved decoding and reimplementing proprietary protocols. The security threat becomes more severe because Microsoft revealed three years ago that more than 85% of consumers were using Windows Hello to sign in.
Trending
We'd like to show you notifications for the latest important news and updates