FB pixel

Microsoft misses own protocol, laptop fingerprint biometrics defeated in test

Microsoft misses own protocol, laptop fingerprint biometrics defeated in test
 

Microsoft’s Hello biometric authentication software has proven surprisingly fallible in a security test, requested by the software company, of three vendors’ laptops.

The challenge involved Microsoft’s Surface Pro Type Cover with an Elan fingerprint sensor, Lenovo’s ThinkPad T14s with a Synaptics sensor and Dell’s Inspiron 15 loaded with a Goodix. Each chip performs the biometric match in-sensor.

Blackwing Intelligence performed three months of testing that “resulted in three 100% reliable bypasses” of Hello authentication. Its researchers confessed surprise that of the three setups the Surface Pro fell easiest.

They have documented what they found in detail and say they will go even deeper with a follow-up report.

At the risk of oversimplification, it seems that the common element tied to each biometric hack is Microsoft’s Secure Device Connection Protocol. The protocol is standards and secure-communication rules.

In all three cases, the protocol was insufficiently enabled, or the system was architected in a way that it was sidelined. It was, in fact, not implemented in the Surface Pro – Microsoft’s Surface Pro.

Closing this hole is easy for vendors. Blackwing says they just have to enable the protocol. And for good measure, the researchers say, get an independent audit of the software implementation before a white hat firm starts digging around.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Biometrics White Papers

Biometrics Events

Explaining Biometrics