Security researchers discovered vulnerabilities in the fingerprint sensors of some Windows PCs that could be exploited to bypass Windows Hello's biometric fingerprint login. The affected sensors, manufactured by Elan, Googix, and Synaptics, all use a match-on-chip (MoC) design, where the biometric test occurs within a shielded microprocessor on the chip itself.
Kindly refer to the YouTube video for more information as demonstrated at the BlueHat conference in October 2023 by the security researchers.
Note: The Secure Device Connection Protocol (SDCP) protection mechanism has been implemented by Microsoft to prevent unauthorized access.
Therefore, the researchers suggest that fingerprint sensor manufacturers enable SDCP and undergo third-party security audits for their implementations. But it remains unclear whether the identified security issues can be entirely addressed through software updates.
