updated 11:00 pm EDT, Tue October 9, 2012
Apple-owned AuthenTec's software at fault, exploit available
Several PC security firms have independently verified a weakness in AuthenTec's UPEK Protector Suite that allows hostile users with physical control of a machine to rapidly recover Windows account passwords. The software comes pre-installed on Windows-based PCs from makers including Dell, Gateway, NEC, Samsung, Sony, and Toshiba. A pair of security researchers has released an open-source exploit for the flaw so that professional penetration testers can exploit the weakness.
Last month, password-cracking tool developer Elcomsoft warned that the UPEK software may leave users less secure than they would be without it, because it stores user passwords in the registry under light encryption that is easy for attackers to break. When UPEK is not active, Windows does not store account passwords in the registry unless the user has configured an account to log in automatically -- but once the user has done so even once, the passwords remain stored even after permission for automatic login has been revoked.
"From a penetration testing perspective, local administrator access is required to obtain the necessary registry key's value, so it only matters if you already have control of the PC," Brandon Wilson, one of the security consultants, told Ars Technica in an interview. "But since so many of these devices are used in corporate environments, it makes it easy to obtain domain credentials, and from there, easily expand an attack to other systems."
Apple bought out AuthenTec in July, and as is normally the case for the company, the acquisition appears to have been solely to support its own products, with rumors pointing to a discontinuation of non-Apple uses of the technology in 2013. Neither Apple nor AuthenTec has commented on the security flaw.