A group of researchers have proven that Microsoft’s Windows Hello fingerprint authentication isn’t as strong as the company might have thought. This isn’t the first time that we’ve seen Windows Hello’s various authentication methods hacked, but it does prove that Microsoft has a bit more work to do when it comes to its biometric security.
Previously, we saw Windows Hello’s photo authentication being fooled by printed photographs. Now, though, a group of security researchers have managed to break through the fingerprint authentication systems that Microsoft uses for Windows Hello systems. The group was brought on to test the system by Microsoft, so the company will likely work to improve its authentication systems going forward.
However, it is worth noting that the Windows Hello fingerprint hack did take at least a few months to pull off. According to a post shared during Microsoft’s BlueHat security conference, the group was able to use the fingerprint sensors within a Dell Inspiron 15 and a Lenovo ThinkPad T14, as well as the one found within the Microsoft Surface Pro Type Cover with Fingerprint to break through the system.
It’s also worth noting that each of the fingerprint sensors used in the testing relied on “match on chip” technology, which means that all the authentication is handled on the sensor itself. The group behind the Windows Hello fingerprint hack, called Blackwing, says that these match-on-chip systems protect your biometric data, even if the host is compromised.
As noted above, Blackwing says it took roughly three months to pull off this particular hack. And it took a lot of effort. However, the point here is that the group was successful at breaking through Microsoft’s defenses, and it shows that fingerprint sensor manufacturers need to find new ways to ensure the protection of the devices they are connecting their systems to.