Security researchers from Blackwing Intelligence and Microsoft’s Offensive Research and Security Engineering (MORSE) discovered vulnerabilities in fingerprint sensors used for Windows Hello authentication on popular laptops. The Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X were targeted, all equipped with Match-on-Chip fingerprint sensors, ensuring fingerprint data stays within the sensor. However, the researchers found methods to bypass authentication by exploiting hardware and software vulnerabilities, requiring physical access to the device. For Dell and Lenovo laptops, attackers could enroll their fingerprints by spoofing legitimate user IDs. In the case of the Surface device, attackers could unplug the keyboard (Type Cover) with the fingerprint sensor and connect a USB device to simulate authorized user logins. Details of the findings were published in a blog post by Blackwing, and Microsoft shared a video presentation of the researchers discussing their discoveries at the BlueHat conference in October.
Read more: https://www.securityweek.com/windows-hello-fingerprint-authentication-bypassed-on-popular-laptops/