This is an archive article published on November 25, 2023

Researchers successfully hack Microsoft’s Windows Hello fingerprint authentication

A group of researchers hired by Microsoft has successfully bypassed Windows Hello authentication, which the tech giant says is used by millions worldwide.

Windows Hello is a biometric-based authentication method that allows users to log in without passwords. (Image Source: Microsoft)

Microsoft’s Windows Hello security, which offers a passwordless method of logging into Windows-powered machines, may not be as secure as you think.

According to a blog post by Blackwing Intelligence, Microsoft’s Offensive Research and Security Engineering (MORSE) recently asked them to “evaluate the security of the top three fingerprint sensors embedded in laptops.”

Researchers working on the project found several vulnerabilities that allowed them to bypass the Windows Hello fingerprint authentication. The blog post goes on to reveal that the fingerprint sensors, made by Goodix, Synaptics and ELAN, used in the Lenovo ThinkPad T14, Dell Inspiron 15, and Surface Pro 8 and X tablets were susceptible to man-in-the-middle attacks.


The researchers used reverse engineering to find exploits in the fingerprint sensors and then created a USB device that allowed them to bypass the security mechanism. The blog also revealed that Microsoft has done “a good job” of enhancing security with its ‘Secure Device Connection Protocol’ and that two of the three fingerprint sensors that were tested did not have this particular feature enabled.

However, it should be noted that researchers at the Blackwing Intelligence group needed almost three months to bypass the security authentication method, so bypassing Windows Hello is not as easy as it seems.

While it is still unclear if Microsoft will be able to fix the flaws, this is not the first time the biometric-based Windows Hello mechanism has been susceptible to attacks. In 2021, a proof of concept showed that the authentication method could be bypassed by capturing an infrared photo of a victim and showing it to Windows Hello’s facial recognition feature, following which Microsoft fixed the issue.
