Apple-owned fingerprint software exposes Windows passwords, according to a new report by a pair of security experts, reports “Ars Technica” (http://macte.ch/s2CS7).
The vulnerability is contained in multiple versions of fingerprint-reading software known as UPEK Protector Suite. In July, Apple paid $356 million to buy Authentec, the company that acquired the technology from privately held UPEK in 2010.
“The weakness came to light no later than September, but Apple has yet to acknowledge it or warn end users how to work around it,” says “Ars Technica.” “No one has accused Apple of being responsible for the underlying design of fingerprint-reading software.”
Here’s Authentec’s official description of itself: “AuthenTec encryption technology, fingerprint sensors and identity management software are deployed by the leading mobile device, networking and computing companies, content and service providers, and governments worldwide. AuthenTec’s products and technologies provide security on hundreds of millions of devices, and the Company has shipped more than 100 million fingerprint sensors for integration in a wide range of portable electronics including over 15 million mobile phones. Top tier customers include Alcatel-Lucent, Cisco, Fujitsu, HBO, HP, Lenovo, LG, Motorola, Nokia, Orange, Samsung, Sky, and Texas Instruments.”