Windows Hello fingerprint login bypassed by security researchers

Share this article

Improve this guide

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

2 min. read

Published onNovember 23, 2023

published onNovember 23, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Security researchers have managed to bypass the Windows Hello fingerprint authentication measure.Researchers at New York-based Blackwing Intelligence were apparently able to circumvent fingerprint authenticationon Dell, Lenovo and Microsoft laptops by exploiting a flaw in fingerprint sensors, particularly those from top manufacturers Goodix, Synaptics and ELAN.

Over on its siteBlackwing Intelligence published a postdetailing how it was able to employ a USB-based MitM (“Man in the Middle”) attack to bypass Windows Hello authentication and gain access to a device. The findings were presented at last month’s Microsoft BlueHat conference. At present it’s unclear how Microsoft will go about fixing the issue.

Microsoft has been pushing biometric authentication measures for some time, and reported in 2020 that as many as almost 85 percent of laptop users on Windows were using Windows Hello to sign in to Windows 10 (taking into account simple PIN-authenticated logins).

Though touted as a more secure way to protect Windows devices, biometric login measures like fingerprint scanning and facial recognition are not foolproof, as Blackwing Intelligence’s BlueHat presentation displayed. A few years backCyberark Labs was able to provide a proof of conceptshowing how Windows Hello face recognition technology could be bypassed, again with the use of a custom USB loaded with a photo of the target’s face. Microsoft was later able to fix this vulnerability.

Still, biometric authentication features are becoming more prevalent, including on Windows devices.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Windows Hello fingerprint login bypassed by security researchers#