acm-header
Sign In

Communications of the ACM

ACM TechNews

Researchers Find Vulnerabilities in Windows Hello Implementations


View as: Print Mobile App Share:
Portable computing devices.

Among other things, the researchers found the IBM ThinkPad T14s’ fingerprint sensor can be compromised if hackers obtain its TLC implementation’s encryption key.

Credit: SiliconANGLE

Researchers at cybersecurity company Blackwing Intelligence found vulnerabilities in several laptop makers’ implementations of Windows Hello, the biometric login feature built into Windows.

The researchers uncovered the vulnerabilities as part of a project carried out on behalf of Microsoft Corp.’s offensive research and security engineering team to analyze laptops from Microsoft, Lenovo, and Dell.

The flaws found relate to a Microsoft technology called the Secure Device Connection Protocol (SDCP), which many laptops rely on to power their Windows Hello implementations.

“Microsoft did a good job designing Secure Device Connection Protocol (SDCP) to provide a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to misunderstand some of the objectives,” the researchers said.

From SiliconANGLE
View Full Article

 

Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA


 

No entries found