Microsoft's Windows Hello Fingerprint Authentication Bypassed by Researchers

Security flaws discovered in Dell, Lenovo, and Microsoft laptops could potentially compromise user security.

Security researchers at Blackwing Intelligence have successfully bypassed Microsoft's Windows Hello fingerprint authentication on Dell, Lenovo, and Microsoft laptops.
The research was conducted at the request of Microsoft’s Offensive Research and Security Engineering (MORSE).
Different vulnerabilities were exploited on each device, including cryptographic implementation flaws and decoding proprietary protocols.
The researchers recommend that OEMs ensure the Secure Device Connection Protocol (SDCP) is enabled and that the fingerprint sensor implementation is audited by a qualified expert.
Blackwing Intelligence is also exploring memory corruption attacks on the sensor firmware and fingerprint sensor security on Linux, Android, and Apple devices.