They found a vulnerability in Dell, Lenovo, and Microsoft laptops running Windows Hello

Security researchers have discovered a vulnerability in the way laptop makers implement fingerprint authentication. Windows HelloMicrosoft’s biometric login system. According to a report by cybersecurity company CyberArk, attackers can take advantage of these flaws to access locked devices without the user’s fingerprint.

Windows Hello is a biometric technology system developed by Microsoft that allows Windows 10 and Windows 11 users Authenticate your devicesand online applications and services through facial or fingerprint recognition only, instead of using passwords.

The problem is that some laptops store fingerprints in an unencrypted format that can be accessed within the device, rather than using them. Trusted Platform Module (TPM) built into the Windows operating system. This allows attackers to extract fingerprints from the device’s memory and create a fake image that can fool the fingerprint sensor.

CyberArk researchers tested this method on several laptop models from Dell, Asus, Acer, Lenovo, and MSI, and were able to bypass Windows Hello fingerprint authentication on all of them. They warned that this failure could jeopardize the security of personal data Professional usersEspecially if devices are lost or stolen.

Microsoft response

CyberArk notified Microsoft and affected laptop manufacturers of the bug in July, some of which have already been released Firmware updates to fix it.

Microsoft has also published a guide for device manufacturers on how to properly implement Windows Hello fingerprint authentication1. Users can check if their device vulnerable to this failure Using a free tool developed by CyberArk2.

Meanwhile, the safest thing for those who have this equipment is to use two-factor authentication, so, if the biometric ID is compromised, they will have another access door that the hackers don’t necessarily have.