A serious security flaw has been found in fingerprint-reading software that comes pre-installed on laptops sold by Dell, Sony and 14 other manufacturers. The vulnerability can allow hackers who have physical control of the device to recover Windows account passwords, reports Ars Technica.
The vulnerability is found in multiple versions of the fingerprint-reading software in the UPEK Protector Suite. In July, Apple paid $365 million to buy Authentec, the company that acquired the technology from UPEK in 2010.
The UPEK software is marketed as a secure means of logging in to Windows computers using the owner's fingerprint instead of a memorized password. In reality, the software makes Windows PCs less secure than the traditional password method.
Elcomsoft, a Russia-based developer of password-cracking software, says that the software stores Windows passwords in the registry and encrypts them with a key that is really easy for hackers to retrieve. With the key, a smart hacker would need only a few seconds to extract a password.
The affected software is labeled “UPEK Protector Suite” and is also rebranded by Lenovo as ThinkVantage Fingerprint Software. PC makers that pre-install it include Asus, Compal, Dell, Gateway, IBM/Lenovo, MSI, Samsung, Sony, Toshiba and others.
For now, no recall or warning has been published by the manufacturers or the software company. Apple Inc. (NASDAQ:AAPL) has yet to acknowledge the issue publicly.