Sign In

Communications of the ACM

ACM TechNews

Researchers Find Vulnerabilities in Windows Hello Implementations

View as: Print Mobile App Share:
Portable computing devices.

Among other things, the researchers found the IBM ThinkPad T14s’ fingerprint sensor can be compromised if hackers obtain its TLC implementation’s encryption key.

Credit: SiliconANGLE

Researchers at cybersecurity company Blackwing Intelligence found vulnerabilities in several laptop makers’ implementations of Windows Hello, the biometric login feature built into Windows.

The researchers uncovered the vulnerabilities as part of a project carried out on behalf of Microsoft Corp.’s offensive research and security engineering team to analyze laptops from Microsoft, Lenovo, and Dell.

The flaws found relate to a Microsoft technology called the Secure Device Connection Protocol (SDCP), which many laptops rely on to power their Windows Hello implementations.

“Microsoft did a good job designing Secure Device Connection Protocol (SDCP) to provide a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to misunderstand some of the objectives,” the researchers said.

From SiliconANGLE
View Full Article


Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account