RESEARCHERS have uncovered vulnerabilities in three popular laptop fingerprint sensors.
Vulnerabilities were found to be present on the Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops.
The flaws could allow attackers to bypass Windows Hello fingerprint authentication, according to cybersecurity researchers Blackwing.
Once a hacker bypasses your authentication, they can access your entire computer.
This includes your personal files, photos, and even passwords to important accounts like banking.
Malwarebytes Labs explained that each of the three sensors found on these laptops is the "match on chip" type.
"This means that a separate chip stores the biometric credentials (in this case the fingerprints), making it almost impossible to hack into," the cybersecurity company said.
Communication between these sensors and a laptop happens through a secure channel via the Secure Device Connection Protocol (SDCP) created by Microsoft.
However, hackers have been able to "spoof" the communication between sensors and laptops.
"They were able to fool the laptops using a USB device, which pretended to be its sensor and sent a signal that an authorized user had logged in," Malwarebytes said.
Most read in News Tech
GRACE SPENT
Grace Dent QUITS I’m A Celeb ‘on medical grounds’ as fans spot moment she broke
FOUND SAFE
Girl, 9, who vanished while walking a puppy has been ‘found safe and well’
FRENCH FANCY
Nigel Farage’s ‘secret’ lover WILL jet to jungle to support him on I’m A Celeb
jungle fallout
I’m A Celeb fans spot feud as campmate accuses Sam Thompson of being fake
In turn, the researchers from Blackwing noted that while SDCP is powerful, it can be useless if other parts of the setup are weaker.
HOW TO STAY SAFE
"If you, as a user, are worried about anyone being able to get near your laptop with a USB device, you shouldn’t be using fingerprints as an authentication method and disabled," Malwarebytes said.
To remove this feature, go to the Windows search bar and search Sign-in options.
From there click on Open and then select Fingerprint Recognition (Windows Hello).
After you have done that, click Remove and the fingerprint sign-in option should be removed.
"Until the manufacturers have dealt with the weaknesses in their setups, we can’t assume that this is a secure method of authentication," Malwarebytes warned.
Another type of authentication users can enable instead of fingerprint is a strong passcode.
Experts recommend a unique passcode that contains upper and lower-case letters, numbers, and symbols.
Source: Read Full Article