Tag

Fingerprint Authentication

All articles tagged with #fingerprint authentication

technology, 2 years ago

Windows Hello Fingerprint Authentication Vulnerabilities Exposed

Security researchers have discovered vulnerabilities in the top three fingerprint sensors used in Dell, Lenovo, and Microsoft laptops, allowing them to bypass Windows Hello's fingerprint authentication. The researchers were able to build a USB device capable of deploying a man-in-the-middle attack, granting unauthorized access to stolen or unattended devices. The vulnerabilities were found in Goodix, Synaptics, and ELAN fingerprint sensors. Microsoft's SDCP protection was not enabled, making the bypass possible. Users are advised to enable SDCP protection as a precautionary measure.

technology, 2 years ago

Windows Hello Fingerprint Authentication Vulnerability Exposes Laptop Security Risks

Researchers have discovered vulnerabilities in Windows Hello's fingerprint authentication system that allow attackers to bypass the security feature on certain laptops. The vulnerabilities were found in the fingerprint sensors of Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro 8/X devices. The attacks involve manipulating the communication between the sensor chip and the operating system, allowing attackers to log in as a different user. The researchers recommend that device makers address these design flaws and that users check for updates or firmware fixes.

technology, 2 years ago

Windows Hello Fingerprint Security Bypassed on Major Laptop Brands

Security researchers have discovered vulnerabilities in the embedded fingerprint sensors of Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops, allowing them to bypass Windows Hello fingerprint authentication. The researchers successfully exploited security flaws in the fingerprint sensors made by ELAN, Synaptics, and Goodix, using man-in-the-middle attacks and custom Linux-powered devices. Although Microsoft's Secure Device Connection Protocol (SDCP) was designed to protect the communication between the fingerprint device and the host, the researchers found that SDCP was not enabled on two out of three of the targeted laptops. They recommend that vendors enable SDCP to enhance the security of biometric authentication solutions.

technology, 2 years ago

"iPhone 16 Ditches Touch ID, Report Reveals"

According to a report, Apple's iPhone 16 lineup will not feature the return of Touch ID fingerprint authentication technology. The manufacturing equipment for the chips used in Touch ID has been permanently shut down, suggesting that Apple has no immediate plans to bring back the feature. Rumors suggest that the fourth-generation iPhone SE will feature Face ID, while Apple is reportedly working on under-display fingerprint technology for future devices.

technology, 2 years ago

"Security Breach: Windows Hello Fingerprint Authentication Vulnerability Exposed"

Security researchers at Blackwing Intelligence have discovered vulnerabilities in the fingerprint sensors of laptops from Dell, Lenovo, and Microsoft, which are commonly used for Windows Hello fingerprint authentication. The researchers found flaws in popular fingerprint sensors from Goodix, Synaptics, and ELAN, allowing them to bypass Windows Hello protection. The vulnerabilities involved cryptographic implementation flaws and the decoding and reimplementing of proprietary protocols. This is not the first time Windows Hello biometrics-based authentication has been defeated, and it remains unclear if Microsoft will be able to fix these latest flaws alone. Blackwing Intelligence recommends enabling Secure Device Connection Protocol (SDCP) and auditing fingerprint sensor implementations.

cybersecurity, 2 years ago

Fingerprint brute-force attacks threaten Android phones.

Researchers have discovered a new attack called 'BrutePrint' that can bypass user authentication on modern smartphones by brute-forcing fingerprints. The attack exploits two zero-day vulnerabilities, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), and can be launched with physical access to the target device and a fingerprint database. The attack was tested against ten popular smartphone models, achieving unlimited attempts on all Android and HarmonyOS (Huawei) devices and ten additional attempts on iOS devices. The attack could allow criminals to unlock stolen devices and extract valuable private data, while its use by law enforcement raises questions about privacy rights and ethics.