At the BlueHat conference last October, two security researchers from the company Blackwing Intelligence presented vulnerabilities they had discovered in the three main fingerprint sensors used on laptops, which allowed them to bypass Microsoft's Windows Hello biometric authentication system.
The researchers targeted the Goodix, Synaptics and Elan sensors used on the Dell Inspiron 15, the Lenovo ThinkPad T14 and the Surface Pro X, respectively.
To thwart attacks that would exploit these weaknesses, Microsoft developed the Secure Device Connection Protocol (SDCP), which should have ensured that the fingerprint device was trusted and that input between the fingerprint device and the host was protected on the targeted devices.
Despite this, the researchers were able to bypass Windows Hello authentication on all three laptops with man-in-the-middle (MitM) attacks, using a Raspberry Pi 4 Linux device. Microsoft would not be able to fix these new flaws on its own, as the researchers indicate that some of the problems originate from the device manufacturers.
It should also be noted that the discovery of these vulnerabilities is part of a project carried out on behalf of the Microsoft Offensive Research and Security Engineering (MORSE) team.
To view the full presentation, go to https://youtu.be/gjvu-l6vKFE