If you have laptops floating around that have a Windows fingerprint reader, you had better take a closer look at them right now.
Until a few months ago, almost all laptop manufacturers shipped the same software for their readers.
The list includes Acer, ASUS, Dell, Gateway, Lenovo, MSI, NEC, Samsung, Sony, and Toshiba.
The software is called UPEK Protector Suite. To log you on after a fingerprint swipe it has to know your Windows account password, so it stores that password in the registry. According to ElcomSoft it is only lightly scrambled, not encrypted, and the scrambling can easily be reversed.
This means that if the laptop is lost or stolen, the account password can be pulled straight out of the registry with no cracking at all. The attacker does not even need to boot the machine: the SOFTWARE hive can be read from the disk offline. With the password in hand they can log on to your network as that user, or decrypt files the user protected with Windows EFS, because the EFS key is itself protected by the account's logon password.
ElcomSoft has not released the details of the vulnerability, but from the information on their blog we can guess that the password is stored under this registry key:
HKLM\Software\Protector Suite QL
(On 64-bit Windows a 32-bit installer can land under HKLM\Software\Wow6432Node instead, so check both locations.)
I have put together a small script that will detect whether this key is present.
Rename it to .VBS after downloading.
When you run it, it prints a one-line response telling you whether the software is present (screenshot of the output omitted).
You can feed the script through the remote execute feature of Network Administrator to check computers across your network: pick the script, then read the response from each machine (screenshots omitted).
Once you have identified which machines have it, uninstall Protector Suite, delete the leftover registry key, and then change the password on the Windows user account that was used with the fingerprint reader. Do the password step last, and have the user change it rather than resetting it as an administrator if it is a local account: an administrative reset of a local account invalidates the DPAPI master key that protects the user's EFS certificate, and the encrypted files become unreadable.
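As an added example (this is not the VBS script from this post), here is the same check and the key cleanup in PowerShell. It assumes the key name guessed above; the Wow6432Node path is an assumption covering a 32-bit installer on 64-bit Windows, and remote machines are reached with Invoke-Command over WinRM instead of Network Administrator's remote execute.

```powershell
# Added example, not the post's VBS script. The first key is the one guessed
# from the ElcomSoft blog; the Wow6432Node path is an assumption covering a
# 32-bit installer on 64-bit Windows.
$ProtectorSuiteKeys = @(
    'HKLM:\SOFTWARE\Protector Suite QL',
    'HKLM:\SOFTWARE\Wow6432Node\Protector Suite QL'
)

# Runs on each target and reports which of the keys exist there.
$Probe = {
    param([string[]]$Keys)
    $found = @($Keys | Where-Object { Test-Path -LiteralPath $_ })
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Present      = ($found.Count -gt 0)
        Keys         = ($found -join '; ')
    }
}

# Step 1: find the machines that still have the suite's registry key.
function Test-ProtectorSuite {
    [CmdletBinding()]
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($computer in $ComputerName) {
        if ($computer -ieq $env:COMPUTERNAME -or $computer -ieq 'localhost') {
            & $Probe $ProtectorSuiteKeys          # local check, no WinRM needed
        } else {
            # Remote check: needs WinRM enabled and admin rights on the target.
            Invoke-Command -ComputerName $computer -ScriptBlock $Probe `
                -ArgumentList (,$ProtectorSuiteKeys) |
                Select-Object ComputerName, Present, Keys
        }
    }
}

# Step 2: delete the leftover keys on an affected machine after the suite has
# been uninstalled. Supports -WhatIf so you can preview what would be removed.
function Remove-ProtectorSuiteKeys {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Keys = $ProtectorSuiteKeys)
    foreach ($key in $Keys) {
        if (Test-Path -LiteralPath $key) {
            if ($PSCmdlet.ShouldProcess($key, 'Delete registry key')) {
                Remove-Item -LiteralPath $key -Recurse -Force
            }
        }
    }
}

# Usage (from an elevated prompt; the key deletion writes to HKLM):
#   Test-ProtectorSuite -ComputerName (Get-Content .\laptops.txt) |
#       Where-Object Present | Format-Table -AutoSize
#   Remove-ProtectorSuiteKeys -WhatIf    # preview, then run again without -WhatIf
```

The script covers detection and the key cleanup only. Uninstall the suite before deleting the keys, and the password change is still a separate step: for a domain account an administrator can reset it with Set-ADAccountPassword -Reset, but for a local account the user should change it themselves so the EFS certificate stays usable.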
UPEK was bought out by AuthenTec, so you should be able to get an updated version from the support site for your computer.
One more thing… Subscribe to my newsletter and get 11 free network administrator tools, plus a 30-page user guide so you can get the most out of them. Click Here to get your free tools