Microsoft’s Windows Hello fingerprint authentication has been bypassed on Dell, Lenovo, and even Microsoft laptops.security researchers Discovered by Blackwing Intelligence There are multiple vulnerabilities in the top three fingerprint sensors built into laptops and widely used by businesses to protect their laptops with Windows Hello fingerprint authentication.
Microsoft’s Offensive Research and Security Engineering (MORSE) commissioned Blackwing Intelligence to evaluate the security of fingerprint sensors, and the researchers reviewed the results. presentation At Microsoft’s BlueHat conference in October. The team identified popular fingerprint sensors from Goodix, Synaptics, and ELAN for investigation in a newly published blog post detailing the detailed process of building a USB device capable of performing man-in-the-middle attacks (MitM). attack. Such an attack could result in access to a stolen laptop or an “evil maid” attack on an unattended device.
The Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro Researchers at Blackwing Intelligence reverse engineered both the software and hardware and discovered that custom TLS on Synaptics sensors had a cryptographic implementation flaw. The complex process of bypassing Windows Hello also involves decoding and reimplementing proprietary protocols.
Thanks to Microsoft’s commitment to Windows Hello and a password-free future, fingerprint sensors are now widely used among Windows laptop users.Microsoft revealed three years ago that almost 85 percent of consumers were using Windows Hello to sign in to their Windows 10 devices instead of using a password (although Microsoft counts a simple PIN as Windows Hello usage).
This is not the first time that Windows Hello’s biometric-based authentication has been broken. Microsoft was forced to fix the Windows Hello authentication bypass vulnerability in 2021. proof of concept This included capturing a thermal image of the victim in order to spoof Windows Hello’s facial recognition capabilities.
However, it is unclear whether Microsoft alone can fix these latest flaws. “Microsoft has successfully designed the Secure Device Connection Protocol (SDCP) to provide a secure channel between a host and a biometric device, but unfortunately device manufacturers appear to have misunderstood some of its purpose.” Jesse D’Aguanno and Timo Teräs of Blackwing Intelligence write: Among them, researchers detailed report About defects. “Furthermore, while SDCP only covers a very narrow range of common device operations, most devices expose a sizeable attack surface that is not covered at all by his SDCP. .”
Researchers discovered that two of the three devices they targeted did not have Microsoft’s SDCP protection enabled. Blackwing Intelligence now recommends that OEMs ensure that SDCP is enabled and that fingerprint sensor implementations are audited by qualified experts. Blackwing Intelligence is also investigating memory corruption attacks on sensor firmware and the security of fingerprint sensors on Linux, Android, and Apple devices.