Microsoft launched Windows Hello as its passwordless alternative for Windows laptops. You could login to your PC using PIN, face recognition or the fingerprint sensor. The company has made tall claims that its Hello security is reliable and not-that-easy to bypass.
Well, a group of researchers have proved those claims otherwise by breaking the fingerprint sensor on laptops from Dell, Lenovo and Microsoft itself. The most interesting part about these details is that Microsoft asked the security researchers to test the security levels of the fingerprint sensors that you get with laptops these days.
The company reached out to Blackwing intelligence to test the feature and see where it stands in terms of the security level. The agency used the Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X models that were affected by the test and showed that the fingerprint sensors on these devices can be bypassed by those with the knowledge of breaking such technical stuff.
So how does Blackwing Intelligence manage to break the security of these laptops? They had to reverse engineer both hardware and software on these models to discover flaws in the custom TLS which is an integral part of the security sensor, in this case from Synaptics. But their findings also explained that manufacturers might be at fault for these breakages rather than Microsoft’s security level.
In fact, the researchers said that Microsoft has done a good job designing the security protocol between the laptop and the biometric sensor. But these three laptops didn’t have it activated which made them susceptible to intrusion that puts millions of users at risk. After all, Microsoft has claimed that Windows Hello is being used by well over 85 million devices, and if most of them don’t adhere to these protocols then people have to avoid using the feature altogether.
But that’s just the Windows market, what about the millions of Android phones and even Mac devices that have the same feature, are they secure? Well, Blackwing is looking into possible tests on these platforms and we might soon hear more about their findings.
Comments
0 comment