Full writeup is a much better read: <a href="https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/" rel="nofollow noreferrer">https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/</a><p><i>"Microsoft did a good job designing SDCP to provide a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to misunderstand some of the objectives. Additionally, SDCP only covers a very narrow scope of a typical device’s operation, while most devices have a sizable attack surface exposed that is not covered by SDCP at all.<p>Finally, we found that SDCP wasn’t even enabled on two out of three of the devices we targeted."</i> Oof.
How do I, as a consumer, validate that my fingerprint sensor uses SDCP?<p>Reading through all of this it seems that protecting myself by enabling cover tampering (which prevents a hacker from replacing the fingerprint reader without tripping the TPM) and only allowing booting into Windows.
HEADLINE: MICROSOFT SECURITY BYPASSED<p>First sentence of this click bait horse shit:
Security researchers have found flaws in the way laptop manufacturers are implementing fingerprint authentication.<p>So fucking sick of clickbait.
And this, ladies and sirs, is why we should prefer MacBooks and Linux in security-critical productivity work. Microsoft Windows and its hardware partners, with their device drivers and lack of transparency, have been a dumpster fire for the last 30 years.