FB pixel

ElcomSoft finds major flaw in UPEK biometrics software


ElcomSoft Co. Ltd, a Russian-based provider of corporate security and IT audit products, issued a warning regarding a major flaw in the UPEK Protector Suite software.

The security firm said in a statement: “All laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite are susceptible. If you ever registered your fingerprints with UPEK Protector Suite for accelerated Windows logon and typed your account password there, you are at risk.”

While biometric logon is supposed to offer more security compared to passwords, UPEK Protector Suite failed by simply storing original Windows account passwords, in plain text in the system registry, thereby compromising security.

“The common perception is that biometric logon is just as, or maybe more secure than a password-based one,” stated ElcomSoft Marketing Director Olga Koksharova. “While biometric logon could be implemented in a safe way, UPEK apparently failed. Instead of using a proper technique, they preferred the easy route: UPEK Protector Suite simply stores the original password to a Windows account in an unencrypted fashion, making it vulnerable to intruders.”

In order to secure your account, ElcomSoft recommends that UPEK users launch the Protector Suite and disable the Windows logon feature. That should clear stored password for an individual’s Windows account. The company reminds users that they should clear all stored account passwords in order to protect all user accounts.

The UPEK Protector Suite has been included on devices manufactured by Acer, Asus, Dell, Gateway, Lenovo, MSI, NEC, Samsung, Sony, and Toshiba.

ElcomSoft has informed AuthenTec, who owns the UPEK brand, about the vulnerability. Apple has targeted AuthenTec for acquisition.

With files from T’ash Spencer

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


UK school reprimanded by ICO for using facial recognition without DPIA

A school in Chelmsford, Essex, has been reprimanded by the Information Commissioner’s Office (ICO) for the unlawful implementation of facial…


Tech5 introduces flexible biometric template protection for its ABIS

Tech5 has developed biometric template protection technology that it says meets the criteria set out in the ISO/IEC 30136 standard….


Maza streamlines KYC with Regula biometric and document verification

Regula has integrated its document and biometric verification system into Maza Financial, a fintech company based in the United States,…


More ballparks to get biometric entry through MLB’s Go-Ahead Entry

Major League Baseball continues to grow its facial recognition entry program with biometrics from NEC. An article in Sports Business…


Inrupt enters growing digital wallet market with pitch from WWW inventor

Inrupt has launched a digital wallet, which comes with a notable endorsement from an internet pioneer. A press release says…


OIX calls on new UK government to accelerate digital ID rollout

The UK should work toward a digital wallet strategy, provide clarity on how ID will work across the public and…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events