A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
I often wondered if this was possible but assumed that it was smarter than that. Guess I wad wrong
🤖 I'm a bot that provides automatic summaries for articles:
Click here to see the summary
Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device.
For users and administrators: be aware your laptop hardware may be physically insecure and allow fingerprint authentication to be bypassed if the equipment falls into the wrong hands.
What's supposed to happen, simply put, is that when you want to set up your laptop to use your print, the OS generates an ID and passes that to the sensor chip.
The physical communication between the chip and OS involves cryptography to, ideally, secure this authentication method from attackers.
But blunders in implementing this system have left at least the above named devices vulnerable to unlocking – provided one can nab the gear long enough to connect some electronics.
"In all, this research took approximately three months and resulted in three 100 percent reliable bypasses of Windows Hello authentication," Blackwing's D'Aguanno and Teräs wrote on Tuesday.
Saved 81% of original text.