Security researchers have discovered a security flaw in fingerprint software from Apple subsidiary AuthenTec that is deployed on Windows PCs. It allows a user's password to be read. As Ars Technica reports, however, an attacker would need direct access to the victim's computer.
Apple acquired the Australian company, which provides hardware and software for fingerprint recognition, in July for $356 million. Besides sensors and their applications, AuthenTec also manufactures embedded security devices such as fingerprint readers.
The flaw is in the UPEK fingerprint software, which AuthenTec itself acquired in 2010. Although the application is advertised as a secure login method for a Windows PC, it makes it possible to extract the password associated with a fingerprint. The software is used on laptops from, among others, Acer, Asus, Dell, Gateway, Lenovo, MSI, NEC, Samsung, Sony and Toshiba. Lenovo offers it under the name ThinkVantage.
At the end of August, the Russian software company ElcomSoft, which is also a certified Microsoft partner, first pointed out the vulnerability. It called it a "paper element in a steel chain." The UPEK software stores a user's password only weakly encrypted, almost in plain text, in the Windows registry. Security researcher Adam Caudill has now been able to reproduce the flaw independently of ElcomSoft and has published sample code for an exploit.
It is unclear when an update that closes the security hole will be available. Apple, as the new owner of AuthenTec, has not yet commented on the vulnerability or taken responsibility for it. Ars Technica points out, however, that the Windows password is not stored in the registry if the UPEK software has not been activated. Deactivating the software alone is not enough to delete the stored password again; for that, the user account must be removed from UPEK.