Security researchers uncovered multiple vulnerabilities in the top three fingerprint sensors used on laptops, allowing them to bypass Microsoft’s Windows Hello biometric authentication system.
Blackwing Intelligence detailed their work in a recent blog post, as spotted by The Verge. Microsoft Offensive Research and Security Engineering (MORSE) asked Blackwing to evaluate the security of fingerprint sensors, and the researchers revealed their findings in a presentation at Microsoft’s BlueHat conference in October.
The researchers targeted sensors from Goodix, Synaptics, and ELAN and were able to build a USB device that can perform a man-in-the-middle (MitM) attack. They were able to bypass the Windows Hello protection on a Dell Inspiron 15, Lenovo ThinkPad T14, and a Microsoft Surface Pro X.
The findings are concerning, especially given the significant rise in laptops equipped with fingerprint sensors. The Verge notes that’s in part thanks to Microsoft’s push toward a passwordless future, one that heavily relies on Windows Hello.
Unfortunately, Microsoft might not be able to fix these new flaws on its own, with researchers indicating some of the issues stem from device manufacturers.