Sunday , July 7 2024

Black wing intelligence (video)
Windows hello fingerprint auth bypassed on Microsoft, Dell, Lenovo laptops

infosecbulletin Thursday , November 23 2023 Cyber Attack, Vulnerabilities

Security researchers were able to bypass authentication on three popular laptops by testing the fingerprint sensors used for Windows Hello. The research was done by Blackwing Intelligence and Microsoft’s MORSE.

Target devices include a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, and a Microsoft Surface Pro X with an ELAN sensor. The embedded fingerprint sensors and the host were targeted with software and hardware attacks.

RockYou2024: Massive 10-Billion Password Leak

By infosecbulletin / Sunday , July 7 2024
A huge collection of passwords, containing almost ten billion unique passwords, was leaked on a popular hacking forum. The Cybernews...
Read More
RockYou2024: Massive 10-Billion Password Leak

ISPC first get together held with a festive look

By infosecbulletin / Sunday , July 7 2024
First get together of information security professionals community (ISPC) was held at Dhaka with a festive look with the participation...
Read More
ISPC first get together held with a festive look

ISACA Dhaka chapter election
Iqbal hossain president, Azad secretary for ISACA Dhaka chapter

By infosecbulletin / Saturday , July 6 2024
Mohammed Iqbal Hossain has been elected as the president of ISACA Dhaka chapter and Md. Abul Kalam Azad has been...
Read More
ISACA Dhaka chapter election Iqbal hossain president, Azad secretary for ISACA Dhaka chapter

Emerging Eldorado ransomware focuses on Windows, VMware ESXi VMs

By infosecbulletin / Saturday , July 6 2024
A new ransomware named Eldorado appeared in March and has locker versions for VMware ESXi and Windows. The gang has...
Read More
Emerging Eldorado ransomware focuses on Windows, VMware ESXi VMs

OVHcloud faces record 840 million DDoS Attack Using MikroTik Routers

By infosecbulletin / Friday , July 5 2024
French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during...
Read More
OVHcloud faces record 840 million DDoS Attack Using MikroTik Routers

New report; Polyfill[.]io Attack Impacts Over 380,000 Hosts

By infosecbulletin / Friday , July 5 2024
The web development community was affected by a supply chain attack on the popular Polyfill.io JavaScript library last week. Polyfill.js...
Read More
New report; Polyfill[.]io Attack Impacts Over 380,000 Hosts

Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw

By infosecbulletin / Friday , July 5 2024
Apache Software Foundation released Apache HTTP Server version 2.4.61 to fix a serious source code disclosure vulnerability (CVE-2024-39884). This flaw...
Read More
Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw

Microsoft Uncovers Flaws in Rockwell Automation PanelView Plus

By infosecbulletin / Thursday , July 4 2024
Microsoft's cybersecurity team found two major vulnerabilities in Rockwell Automation's PanelView Plus, a widely used human-machine interface in industrial settings....
Read More
Microsoft Uncovers Flaws in Rockwell Automation PanelView Plus

Researchers detect 28 new Ransomwares in June

By infosecbulletin / Thursday , July 4 2024
Cybersecurity experts found 28 new types of ransomware in June. These malicious programs are a big threat to individuals and...
Read More
Researchers detect 28 new Ransomwares in June

Vote for DHAKA, Vote for ISACA at 6 July

By infosecbulletin / Wednesday , July 3 2024
ISACA Dhaka Chapter election is going to be held on Saturday (6 July) 2024. This year 23 candidates will fight...
Read More
Vote for DHAKA, Vote for ISACA at 6 July

AlSO READ:

By 2025, Domestic cloud market expected $46.3 million; MD “DataHub Asia”

The sensors that were tested are Match-on-Chip, meaning the chip has a microprocessor and memory, and the fingerprint data always stays within the sensor. To bypass authentication, one would need to physically attack the chip itself.

To carry out the attack, the attacker needs to physically get hold of the device. This means they would have to either steal the device or use the evil maid method.

The researchers showed how to carry out attacks by connecting a hacking device to a laptop using USB or by connecting a specially crafted rig to the fingerprint sensor.

For Dell and Lenovo laptops, the Windows Hello fingerprint authentication was bypassed by manipulating valid user fingerprint ID numbers and enrolling the attacker’s fingerprint by imitating a legitimate user’s ID.

To hack the Surface device, the attacker must disconnect the Type Cover, which is the keyboard and fingerprint sensor, and connect a USB device that tricks the fingerprint sensor into thinking it’s an authorized user logging in.

Blackwing published a blog post on Tuesday about their findings. Microsoft also released a video of the Blackwing researchers presenting their findings at the BlueHat conference in October.

Check Also

laptop

0-click Account Takeover via Google Authentication

“A critical vulnerability has been identified in the Google Authentication mechanism of the application. By …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin