Fingerprint-reading software preinstalled on laptops sold by Dell, Sony, and at least 14 other PC makers contains a serious weakness that makes it trivial for hackers with physical control of the machine to quickly recover account passwords, security researchers said. The, which was two years ago, is marketed as a secure means for logging into Windows computers using an owner's unique fingerprint, rather than a user-memorized password. In reality, using the software makes users less secure than they otherwise would be. When activated, the software writes Windows account passwords to the registry and encrypts them with a key that is easy for hackers to retrieve.
Once the key has been acquired, it takes seconds to decrypt the password. 'After analyzing a number of laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite, we found that your Windows account passwords are stored in Windows registry almost in plain text, barely scrambled but not encrypted,' said an, a Russia-based developer of password-cracking software. 'Having physical access to a laptop running UPEK Protector Suite, we could extract passwords to all user accounts with fingerprint-enabled logon.' When Protector Suite isn't activated, Windows doesn't store account passwords in the registry unless users have specifically configured an account to automatically log in. Security experts have long counseled people not to use automatic login. That means computers that use the UPEK app are at a severe disadvantage compared with people who use a strong password to log in to a Windows account.
The most obvious disadvantage is for those computers that have a Windows feature known as enabled to prevent third parties from accessing sensitive files or folders. The key that unlocks that encrypted data is controlled by a Windows account password. Once the password is retrieved, the EFS-encrypted data stored on the computer can quickly be decrypted.
Further, having quick access to the account password could unlock other data that might otherwise be harder to obtain. The Windows, for example, is also closely tied to account passwords and controls access to credentials used by Outlook, Internet Explorer, and possibly other applications. Of course, any time a PC is physically controlled by a hacker, its passwords are vulnerable to cracking attacks that have. But without the use of the UPEK Protector Suite, hackers have access only to one-way password hashes, which, depending on the complexity of the underlying passcode, can take years or centuries to recover using brute-force methods. Use of the fingerprint software guarantees the success of the cracking operation, and it can also significantly reduce the time it takes. The easily cracked passwords are stored in the Windows registry even after the Protector Suite software has been deactivated, according to the Elcomsoft advisory. It is only removed when a user manually deletes it.
The precise registry location of the encrypted password is not yet known. This article will be updated with instructions for locating and removing it if that information can be obtained. Authentec no longer actively markets Protector Suite, but according to, the app ships—or used to ship—on laptops manufactured by 16 different companies. In addition to Dell and Acer, other PC makers include Amoi, Asus, Clevo, Compal, Dell, Gateway, IBM/Lenovo, Itronix, MPC, MSI, NEC, Sager, Samsung, Sony, and Toshiba. It's unclear if Authentec officials plan to recall the product or issue an advisory warning laptop owners of the vulnerability.
Company representatives didn't respond to Ars Technica e-mails requesting comment for this article. The Elcomsoft findings follow research published last month that showed that from Windows 7 and Windows 8 machines.
The discovery serves as a useful reality check for marketers who portray fingerprints and other user biometrics as a panacea for the difficulty of remembering and securing passwords. In fact, biometric readers are only as secure as the software that implements them. And even when devices are free of such implementation errors, biometrics such as and may be vulnerable to cloning, opening up the possibility of a new class of attacks on the alternate authentication methods.
According to Elcomsoft, Authentec officials have already said they're aware of the weakness. If true, it's disappointing that the company has yet to share that knowledge with the millions of people who likely have the software installed on their computers. A tutorial included with UPEK Protector Suite 2009 installed on a Sony Vaio touts the convenience of the application with the tag line: 'Protect your digital privacy.' It goes on to emphasize the benefits of using Protector Suite to encrypt files and folders. Now that a weakness has come to light that seriously undermines those assurances, Authentec should recall the software, or at the very least warn users that it is susceptible to serious attack.
Most laptops today ship with a fingerprint reader. Most likely, you have a laptop with one. Until very recently, most major manufacturers such as Acer, ASUS, Dell, Gateway, Lenovo, MSI, NEC, Samsung, SONY, Toshiba, and many others were using fingerprint readers manufactured by a single company: UPEK.

Preface

ElcomSoft discovered a major flaw with UPEK Protector Suite, which was the software shipped with the majority of laptops equipped with UPEK fingerprint readers until the company was acquired by Authentec and switched to different software. Even today, with UPEK acquired by Authentec, which now uses TrueSuite® software, many (or most) existing laptop users will simply stay with the old flawed software, not feeling the need to upgrade.

Does Fingerprinting the User Lead to Tighter Security?

Laptops normally come loaded with pre-installed software. Among other things manufacturers install on your brand-new laptop is software communicating with UPEK readers: UPEK Protector Suite. The suite manages fingerprint reading hardware, offering users the convenience of substituting the typing of passwords with a single swipe of a finger. Ultimately, UPEK Protector Suite caches your passwords, offering near-instant login to Web sites and Windows itself. Logging into Windows by swiping a finger instead of clicking and typing a (probably long and complex) password sounds tempting. And, it works. A simple swipe of your finger, and you’re in. Wonderful; but what about security? Here’s what UPEK says on its Web site about the Windows login: “Protector Suite QL allows for secure access to Windows by swiping your finger instead of typing a password.” Notice the “secure” part? Well, we found out UPEK makes Windows login anything but secure. In fact, UPEK’s implementation is nothing but a big, glowing security hole compromising (and effectively destroying) the entire security model of Windows accounts.

The Issue with UPEK Protector Suite

After analyzing a number of laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite, we found that your Windows account passwords are stored in Windows registry almost in plain text, barely scrambled but not encrypted. Having physical access to a laptop running UPEK Protector Suite, we could extract passwords to all user accounts with fingerprint-enabled logon. Putting things into perspective: Windows itself never stores account passwords unless you enable “automatic login”, which is discouraged by Microsoft. If you use the Windows auto-logon feature, you’ll see a message saying “Using automatic logon can pose a security risk because anyone that has access to your computer will have access to your programs and personal files.” Simply said, no corporate user will ever use this “automatic logon” feature, which is often banned by corporate security policies. However, fingerprint logon is rarely, if ever, barred. The common perception is that biometric logon is just as secure as, or maybe more secure than, a password-based one. While biometric logon could be implemented that way, UPEK apparently failed. Instead of using a proper technique, they preferred the easy route: UPEK Protector Suite simply stores the original password to the Windows account, making it possible for an intruder to obtain one. Storing Windows account passwords in plain text is bad practice. It defeats the entire purpose of enhanced security. In fact, with the current implementation, we cannot speak of any security, as the entire PC becomes extremely easy to exploit for anyone aware of this vulnerability. This time around, UPEK got it completely wrong, introducing a paper link to a stainless steel chain.

If Your Windows Logon Password Is Compromised

What happens if someone gets to know your Windows account password?
First, they obviously gain access to all your files and documents. Of course, if they had your laptop and its hard drive at their disposal, they could do that anyway – with one exception: they would not be able to read EFS-encrypted files (those that have the “Encrypt contents to secure data” checkbox ticked in the file properties – Attributes – Advanced). EFS encryption is extremely strong and impossible to break without knowing the original Windows account password. And here comes UPEK Protector Suite. Conveniently storing your plain-text account password, the suite gives the intruder the ability to access your used-to-be-protected EFS encrypted files.

The Scope of the Issue

The scope of this issue is extremely broad. It is not limited to a certain laptop model or manufacturer. All laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite are susceptible. If you ever registered your fingerprints with UPEK Protector Suite for accelerated Windows logon and typed your account password there, you are at risk.

Course of Action

If you care about the security of your Windows account, launch UPEK Protector Suite and disable the Windows logon feature. That should clear the stored password for your account. Note that you should clear all stored account passwords to protect all user accounts.

What We Did

ElcomSoft will not disclose full details in the interests of public responsibility. We notified former UPEK about the issue (but sure enough they know about it). We also prepared a demo application, which displays partial login credentials of users who enabled fingerprint login. We won’t give it away to the general public; only a limited number of hi-tech journalists will receive this software.
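A read-only exposure check for the points above, as an added example that is not ElcomSoft's or UPEK's code: it reports whether the suite appears to be installed, whether Windows automatic logon keeps a password in the registry, and which files depend on EFS. The `*Protector Suite*` name pattern and the function names are assumptions; the page does not give the location of the suite's stored passwords, so the script does not look for them.

```powershell
# Added example: read-only exposure check. Requires PowerShell 3.0 or later.

# Assumption: the suite registers an uninstall entry whose DisplayName contains
# "Protector Suite". The page does not give the exact product string.
function Get-InstalledFingerprintSuite {
    param([string]$NamePattern = '*Protector Suite*')
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

# Windows automatic logon can keep the account password in the Winlogon key
# (DefaultPassword value). Report only whether a value is present; never echo it.
function Test-AutoLogonPasswordStored {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $w = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        AutoAdminLogon         = ($w.AutoAdminLogon -eq '1')
        DefaultPasswordPresent = -not [string]::IsNullOrEmpty($w.DefaultPassword)
    }
}

# Files carrying the NTFS "Encrypted" attribute are the EFS-protected data that
# becomes readable once the account password is known.
function Get-EfsEncryptedFile {
    param([string]$Root = $env:USERPROFILE)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted } |
        Select-Object -ExpandProperty FullName
}

$suite = @(Get-InstalledFingerprintSuite)
$auto  = Test-AutoLogonPasswordStored
$efs   = @(Get-EfsEncryptedFile)

# Caveat from the article: stored passwords can remain in the registry after the
# suite is deactivated, so "not found" here does not prove they were removed.
[pscustomobject]@{
    ProtectorSuiteFound    = ($suite.Count -gt 0)
    SuiteEntries           = ($suite.DisplayName -join '; ')
    AutoLogonEnabled       = $auto.AutoAdminLogon
    AutoLogonPasswordInReg = $auto.DefaultPasswordPresent
    EfsEncryptedFileCount  = $efs.Count
} | Format-List
```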
I’m amazed that no-one gets it!!! There’s no real security using these fingerprint readers other than it automatically puts in your info when you need it. So if anyone breaks into your computer via the internet or home, it’s all there for them to search for at THEIR convenience and then break the code (they do it all the time). How stupid is that? Nothing really has been changed!!! These criminals are NOT DUMMIES!!! It’s like storing your gun and bullets in two different locked boxes but NEXT TO EACH OTHER!!!
It’s all there and waiting to be broken into. I thought these fingerprint readers stored your passwords IN the fingerprint reader. Having it done this way gives you the option after using it (fingerprint reader) to remove it (via the usb port) from the computer and store the device and your passwords in a secured location (thereby removing any access to secured websites of your information if your computer was to be broken into Home/Internet). Moronic companies!! No wonder why it’s so easy for these criminals to steal your passwords. Nothing on your computer is secured no matter how secure you make it. Gzeee, what a bunch of MORONS (companies that make these fingerprint readers)! PS: If you’re getting a fingerprint reader for security, you’re just delaying the problem for a moment in time. If you want to increase your security, then either remove your hard drive or find a fingerprint reader that stores all your passwords on IT!!!
All the fingerprint readers that store your personal info on the computer's hard drive are a joke for the experienced password breaker.
Last weekend I installed the RTM on my notebook (hp tx2000z) and everything is working OK except for the finger print reader (Authentec AES1610), there were some problems with the Vista drivers but the beta driver provided by Authentec solved the problems. But now the software that hp provided to manage the logon information for apps, Bioscrypt Verisoft Access Manager, is not working with RTM, it used to work fine with RC1, the software is blocked by Windows itself.
It seems Authentec has released a new version of its own software (TrueSuite), but they don't provide a link for a download. Anybody has a download link for this software? Rolando Ramirez.

Why haven't you contacted Authentec Support and asked them about updated drivers? I would guess you would also gain access to the download link if you created a user account at Authentec to be able to logon for more site access. Support To support our valued current and potential customers and solution providers, AuthenTec has established a global team of experts who can provide you with the assistance you need. At AuthenTec, we are committed to delivering superior support services.
HP Support may be the best place to contact. From what is stated on AuthenTec's website they may provide the updated drivers to the vendor, HP in this case.

Hi Rolando I have a similar problem as you. I have done a clean install of Win 7 home premium on my HP Pavilion DV6606TX, which was previously running Vista. The VeriSoft Access Manager by Bioscrypt fingerprint software I used before is apparently not compatible with Win7. In any case, I see the company, now L-1 Identity Solutions, has discontinued the VeriSoft Access Manager. My backed up Verisoft profile is thus useless, losing all my passwords.
Now I have AuthenTec AES2501A Fingerprint Driver installed, which installed automatically by Win7. In the driver window, it says it works fine and when I go to Biometric devices and try to register my fingerprint, it launches TrueSuite 2.0 by AuthenTec. But when I swipe my finger there is no reaction. On the company's website they say that: The newest version of TrueSuite is designed to be compatible with AuthenTec sensors only. So is this the problem and what to do now? Seems you have found 'a' solution not 'the' solution and this is really a poor show by HP, the so-called Nr.
1 computer company in the world. Don't know about you but my laptop is just 2 years old and for them not to provide support for Win 7 is just beyond belief.

Then tell HP exactly how you feel since they are responsible for the hardware they sell!
Microsoft is not responsible for HP hardware!

Rick, believe me I have, as have many many others who have similar or worse problems. But they just don't give a about their customers and at the end of the day I need a solution, which is why I'm trying everywhere possible.

Having dealt with PCs for more than 25 years I am fully aware that customers want solutions, but you're not going to get a solution if you don't address the problem to the entity responsible for the product. Microsoft does not, and never has, provided solutions for third party products.
Yes, hardware support included is better than Vista, and Vista was better than XP, etc, but it's only because the drivers for third party products have been supplied TO Microsoft! If I need something fixed on my Volvo I'm not going to go to a BMW garage or a Chrysler garage, I'm going to go to a Volvo garage!
It's exactly the same with computer hardware - you make your problem known to the source of the hardware, otherwise the problem will NEVER be addressed and resolved!

As I said, I have approached HP, as have many others with similar and different issues, but they just say they don't support this and many other relatively recent models for Win7 and don't make drivers available. I called tech support and had a long argument with the guys about this. So what more you gonna do??? Like I said, I'm just trying everywhere I can to find a solution and while I take your point, you can see for yourself that many issues discussed in this forum are about 3rd party software by users who are frustrated by lack of support from their respective PC manufacturer. It's especially frustrating because Win7 didn't appear suddenly out of the blue and there have been betas and the RC, so time and chance enough for them to sort their out!!!
On this particular issue, you saw that Rolando contacted Authentec - without result! So unless and until all those firms get their tech support act together, these types of forums will be the lifeline for stranded users.
Hello Draco58! I have exactly the same problem as you but with a Lenovo N200 (though the fingerprint sensor is the same).
I figured out a very tricky solution: - I didn't delete TrueSuite, but installed UPEK's Protector Suite as well. I could enroll my fingers in that software and that worked fine, but I didn't want to use UPEK, so I deleted Protector Suite, but kept the fingerprint settings.
Then AuthenTec's login software worked correctly with my fingerprint data from UPEK. I had been using this setup for over 3 months, but it suddenly stopped working.
Now I've been looking for a proper solution. (If I can't find anything useful, I will try my own solution again, it's just a lot of time to restart the computer so many times:) ). I hope I am posting my question where it belongs. If it is not under the appropriate header, I would appreciate being told and I would repost.
I recently installed Vista on my laptop which included the True Suite Access Manager Fingerprint Software. Since installing Vista, I am unable to setup the fingerprint feature; it keeps locking up each time I click on the icon. (The Fingerprint feature worked perfectly when XP was installed.) Could you please tell me what must I do to fix the problem. Thanks in advance. Btw, I have a Toshiba Satellite A305.
I finally got my HP Pavilion Dv2700 finger print reader working after two days working with HP and Microsoft. I upgraded from Vista 32bit to Windows 7 (64bit) and tried the following instructions (see earlier posts) multiple times to no avail.

Download DigitalPersona v4.0.1.3749A from hp.com and install it (32-bits:, 64-bits: )
4) Update DigitalPersona to v4.11 using the autoupdate feature of the software
5) Reboot & Enjoy
Rolando Ramirez

Finally at the suggestion of Microsoft, I updated motherboard Intel chipset drivers. Found on HP site. After updating motherboard drivers everything worked fine. The fingerprint reader drivers installed with Windows 7. Had to follow Ramirez's suggestions to get management software.
Hope this helps. Thanks a lot Rolando. This worked out well for me. Thanks a lot guys I have a LENOVO3000N100 type 0768-4BG Laptop and after updating my OS to WinXP pro I purchased the Omnipass Software to work with the embedded Authen Tec AES2501A fingerprint reader. Recently a newer OS update to Windows 7 32bit professional made this device unusable again (!).
Before purchasing the omnipass software once again I found your forum and finally Rolando's method answered my problem. My advice to all LENOVO 3000 users is to install manually the Authentec Driver 7.7.0.19 / 01-11-06 over Device manager manual driver choice after installing a driver package as shown above. Afterwards install the Digital Persona and everything will work!!!
I too am using Windows 7 and have noticed the same limitations, do not have a solution but am curious to hear the answer to Marwanie's question. I also have tried the beta version of Protector Suite 2009 because I needed it in order to be compatible with Firefox 3.5, but it too is limited. My question is, do I have to purchase another license for 2009 because I want to be able to use my fingerprint reader to its full abilities?
I am also disappointed with the frequencies of updates of the Protector Suite software on Dell's website. I used to have to go directly to Upek to download latest builds in order to maintain compatibility with Firefox. Thanks to anyone that can help me out with this!
Similar situation, I installed Windows 7 Ultimate in the autumn. I've just updated to the latest UPEK TouchChip Fingerprint Coprocessor driver which uses the latest (more secure)Windows Biometric technology available in Windows 7 and discovered that Dell's latest version of the UPEK Protector Suite QL isn't actually compatible with the Windows Biometric Framework. Seems a bit frustrating that Dell aren't making the Protector Suite 2009 available - they seem to be pretty slow with their drivers altogether. NVIDIA are always several versions ahead of the Dell Drivers download page.
Dell are selling machines with software and drivers that are generally 12-18 months out of date. SONY have the latest UPEK software available, but of course it doesn't work with DELL machines. If people want the latest version of the UPEK software they can choose between a free limited version: or the full version: It is difficult to get the new drivers to install properly. Unfortunately UPEK has named the new driver 1.2.x and the old drivers were 1.9.x. Trying to update to the new drivers results in a message saying that the system already has the most up to date drivers. It is necessary to delete every trace of the old drivers (there were several different versions on my system) to prevent Windows 7 automatically installing a 1.9.x version.
Then manually install the new driver by pointing the device manager to the path of the place where you've saved the new drivers.