Microsoft, Dell, and Lenovo laptops had faulty implementations of the Secure Device Connection Protocol in their fingerprint sensors, which enabled Windows Hello authentication bypass and potential app access and data exfiltration activities, SiliconAngle reports. SDCP was not activated in Microsoft’s Surface X two-in-one device, allowing threat actors to possibly leverage malware-laced devices to hijack the fingerprint sensor, according to a report from Blackwing Intelligence.
Source: SC Magazine