How do hackers hack fingerprint scanners on Windows laptops?

November 24, 2023  14:33

A recent study by Blackwing Intelligence revealed serious vulnerabilities in the fingerprint scanners used for Windows Hello authentication. These vulnerabilities can be used by attackers to bypass security systems and gain unauthorized access to laptops from major manufacturers such as Dell, Lenovo and Microsoft.

According to The Verge, a team of researchers analyzed three widely used fingerprint sensors from Goodix, Synaptics and ELAN. These sensors are integrated into laptops and used for biometric authentication with Windows Hello. The team used a special USB device to spoof biometric data and successfully bypassed the security of Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X laptops.

Windows Hello problems

Windows Hello is positioned by Microsoft as a highly effective and convenient authentication system that offers an alternative to traditional passwords. However, Blackwing Intelligence research revealed the following problems:

  • Lack of SDCP: Two of the three devices did not use the Secure Device Connection Protocol (SDCP), which is required to provide a secure channel between the host and biometric devices.
  • Cryptography Issues: Weaknesses have been identified in the implementation of fingerprint sensors, such as weak cryptography, insufficient authentication, and incorrect error handling.
  • Potential Impact: Successful attacks against these vulnerabilities could allow attackers to access sensitive user information, install malicious software, and perform other malicious actions on computers using such scanners.

What to do?

The researchers warn that fixing these vulnerabilities will require a joint effort on the part of Microsoft and hardware manufacturers. In the meantime, users are advised to take precautions such as using additional security tools and regularly updating software.
