Fingerprint-reading software that comes pre-installed on laptops sold by Dell (DELL), Sony (SNE) and at least 14 other manufacturers has been independently confirmed to contain serious vulnerabilities. It has been discovered that hackers with physical control of select PCs can potentially access Windows account passwords. The vulnerability is found within multiple versions of fingerprint-reading software in the UPEK Protector Suite, which is marketed as a secure means of logging into Windows computers.
In reality, the software actually makes Windows computers less secure compared to using a traditional password. When activated, the program stores Windows account passwords to the registry, however the encryption key is easy for hackers to retrieve and once acquired, it takes only seconds to decrypt the password. The UPEK Protector Suite was purchased by Authentec in 2010 and in July of this year Apple acquired Authentec for $356 million. The Cupertino-based company has yet to acknowledge the issue publicly.
[Via Ars Technica]
- Technology & Electronics