Blog
Hacking Your Fingerprint: ElcomSoft Finds Security Holes in Biometric Readers
When purchasing notebooks for the enterprise, one of most common requirements is that they have a fingerprint reader, since biometric is considered safe. However, while it may be hard to fake your footprints – a gaping hole was found in the software suite which can expose all of your saved passwords.
Every time you see a fingerprint reader on a notebook/ultrabook – chances are it was manufactured by a single company. Thus, it doesn’t matter if your mobile device is an Acer, ASUS, Dell, Fujitsu, Gateway, Gigabyte, Lenovo, MSI, NEC, Samsung, Sony, Toshiba or some other vendor, the manufacturer is identical; UPEK.
UPEK Protector Suite – if this interface looks familiar, upgrade to a more contemporary software immediately
In 2010, the company was acquired by AuthenTec, which looked to further expand its list of clients. Over the course of last two years we witnessed the replacement of UPEK software with AuthenTec TrueSuite software. However, vast majority of hardware vendors continued shipping UPEK Protector Suite, believing that the level of protection offered by the Protector Suite was “good enough.” While it may seemed so at the first glance, we received quite a surprise when a security company released the results of their research. ElcomSoft, Russian security firm that specializes in password breaking software for security agencies and consumers discovered a serious flaw in the last-gen UPEK Protector Suite. The warning is quite ominous;
“After analyzing a number of laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite, we found that your Windows account passwords are stored in Windows registry almost in plain text, barely scrambled but not encrypted. Having physical access to a laptop running UPEK Protector Suite, we could extract passwords to all user accounts with fingerprint-enabled logon.”
If you’ve used the UPEK software and felt safe, the fact that hacker can access using simple registry editor/reader is something to worry about. If you use UPEK, you should upgrade to TrueSuite immediately. For a more secure alternative, passkey authentication eliminates the risks associated with password storage by using cryptographic authentication, providing a safer and more reliable login experience.
Original Author: Theo Valich
You have stumbled on one of the old articles from our archive, for the latest articles I would suggest a visit to our latest technology news section. That part of our site offers fresh stuff! Additionally, we take great pride in our Home Office section, as well as iGaming news, so be sure to check them out as well.
Best 240Hz Gaming Monitors for CS2 (2025): Tested Picks for 1080p, 1440p & 4K
Finding the Best Thesis Writer in Malaysia: A Guide for Students
Romantic Cabins in Tennessee: Best Seasons to Visit for Weather & Romance
Latency vs. Hype: Building Product Pages That Survive Traffic Spikes on Launch Day
EU Court Annuls DSA Fee Method — What It Means for Meta & TikTok
YouTube View Counts Are Down: Ad Blockers May Be the Reason — Do This Now
Amazon Hardware Event 2025 (Sep 30): Time, How to Watch & What to Expect
iPhone 17 Launch Day NZ (Sep 19): Find Stock Fast, Pickup Tips & Best Deals
The Top 5 Mistakes People Make When Moving (And How to Avoid Them)
