Researchers figure out how to bypass the fingerprint readers in most Windows PCs

The fingerprint sensor on a Lenovo ThinkPad X1 Carbon.

Enlarge / The fingerprint sensor on a Lenovo ThinkPad X1 Carbon. (credit: Andrew Cunningham)

Since Windows 10 introduced Windows Hello back in 2015, most Windows laptops and tablets have shipped with some kind of biometric authentication device installed. Sometimes that means a face- or iris-scanning infrared webcam, and sometimes it means a fingerprint sensor mounted on the power button or elsewhere on the device.

While these authentication methods are convenient, they aren't totally immune to security exploits. In 2021, researchers were able to fool some Windows Hello IR webcams with infrared images of users' faces. And last week, researchers at Blackwing Intelligence published an extensive document showing how they had managed to work around some of the most popular fingerprint sensors used in Windows PCs.

Security researchers Jesse D'Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft's own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we've reviewed in the last few years. It's likely that most Windows PCs with fingerprint readers will be vulnerable to similar exploits.

Read 9 remaining paragraphs | Comments



The fingerprint sensor on a Lenovo ThinkPad X1 Carbon.

Enlarge / The fingerprint sensor on a Lenovo ThinkPad X1 Carbon. (credit: Andrew Cunningham)

Since Windows 10 introduced Windows Hello back in 2015, most Windows laptops and tablets have shipped with some kind of biometric authentication device installed. Sometimes that means a face- or iris-scanning infrared webcam, and sometimes it means a fingerprint sensor mounted on the power button or elsewhere on the device.

While these authentication methods are convenient, they aren't totally immune to security exploits. In 2021, researchers were able to fool some Windows Hello IR webcams with infrared images of users' faces. And last week, researchers at Blackwing Intelligence published an extensive document showing how they had managed to work around some of the most popular fingerprint sensors used in Windows PCs.

Security researchers Jesse D'Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft's own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we've reviewed in the last few years. It's likely that most Windows PCs with fingerprint readers will be vulnerable to similar exploits.

Read 9 remaining paragraphs | Comments


November 28, 2023 at 12:22AM

Post a Comment

Previous Post Next Post