We have seen many times how security researchers have found vulnerabilities and flaws in programs, systems or devices. In fact, the companies themselves pay to find these errors and correct them. In this case, we echo how they have managed to bypass Windows Hello fingerprint authentication. It is something that many users use and, logically, it is a security and privacy problem. We are going to tell you what it consists of.
Nowadays you not only have passwords to be able to log in to a platform or enter your computer. You also have the option of using alternative methods, such as fingerprint or facial recognition. It helps us log in faster and, on paper, they are very reliable options.
Windows Hello fingerprint skipped
A group of security researchers from Blackwing Intelligence have managed to break Windows Hello fingerprint authentication. They have achieved this in devices that have the three fingerprint sensors that are most frequently used in Windows. This has not been a coincidence, since Microsoft asked these researchers to analyze these sensors and see if there was any problem.
Specifically, they were analyzing three very popular laptops, such as the Dell Inspiron 15, Lenovo ThinkPad 14 and Microsoft Surface Pro Type Cover, with fingerprint login. These fingerprint sensors are responsible for verifying authentication requests. Basically, it is what allows you to start Windows or not when you put your finger on it.
They detected deficiencies that could mean that an attacker could exploit these flaws and access a computer by bypassing the fingerprint. Not all devices are affected equally, since in each of them they found a way to break this security. The one that was easiest to bypass protection was the Microsoft Surface Pro, as it used clear text USB communication.
Protect yourself
So what can you do, as a home user, if you use fingerprint and you have any of this equipment? For now, if you want maximum protection and avoid problems, it is best to use another method to log in. That is what would guarantee maximum security and prevent someone from exploiting these flaws.
However, it is expected that updates will appear soon to correct these problems. It is important that you always have everything updated. Faults and vulnerabilities may arise that affect all types of systems, applications or devices. However, in most cases it is usually corrected through updates they release. We recommend that you pay attention and update whenever something new comes out.
In short, if you use your fingerprint to log in through Windows Hello and you have any of these three computers that we have shown, your security may be in danger. Temporarily, if you want to maximize protection, it is best to use other authentication methods. From there, you will have to wait for them to release updates and fix the bug. Just as you can protect your Chrome profile with a password, you can do it with any account.
