Microsoft’s Windows Hello Fingerprint Security System Fails Security Tests
PC users of laptops that have the Windows Hello feature might be relying on a security system that isn’t all that secure, according to a new report.
Microsoft reportedly asked a cybersecurity company, known as Blackwing Intelligence, to put its system through its paces to see how well it held up and the results haven’t been as strong as the Redmond outfit would surely have liked.
Microsoft’s Offensive Research and Security Engineering (MORSE) asked us to evaluate the security of the top three fingerprint sensors embedded in laptops and used for Windows Hello fingerprint authentication. Our research revealed multiple vulnerabilities that our team successfully exploited, allowing us to completely bypass Windows Hello authentication on all three laptops.
The three devices that saw their security systems bypassed were the Dell Inspiron 15, the Lenovo ThinkPad T14, and the Microsoft Surface Pro Type Cover with Fingerprint ID (for Surface Pro 8 / X).
All three of them required different processes in order to bypass but bypassed, they were. However, this now means that Microsoft has the information that it needs in order to be able to ensure that future versions of Windows Hello are more secure which should hopefully mean better laptop security moving forward.
Of course, it’s worth remembering that using Windows Hello is much more secure than not using any security system at all, so we’d suggest that people stick with the system they have in place for now.