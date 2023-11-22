Authentication via Microsoft’s Windows Hello fingerprint was bypassed on Dell, Lenovo and even Microsoft branded laptops. Blackwing Intelligence researchers have discovered several vulnerabilities in the three main fingerprint sensors integrated into laptops and widely used by companies.
Microsoft’s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of fingerprint sensors, and the researchers provided their findings in a presentation at Microsoft’s BlueHat conference in October.
The team identified popular fingerprint sensors from Goodix, Synaptics and ELAN as targets for their research, with a blog post detailing the in-depth process of building a USB device capable of carrying out a MitM attack. A Dell Inspiron 15, a Lenovo ThinkPad T14 and a Microsoft Surface Pro victims of fingerprint reader attacksallowing researchers to bypass Windows Hello protection, as long as someone has previously used fingerprint authentication on a device.
Researchers at Blackwing Intelligence reverse engineered both the software and hardware and found cryptographic implementation flaws in a custom TLS on the Synaptics sensor. The complicated process of bypassing Windows Hello also involved reverse engineering and reimplementing proprietary protocols.
Windows Hello fails, but it’s not the first time
This isn’t the first time Windows Hello biometrics-based authentication has been defeated. Microsoft was forced to patch a vulnerability in Windows Hello authentication in 2021following a proof-of-concept that involved capturing an infrared image of a victim to spoof Windows Hello’s facial recognition feature.
However, it is unclear whether Microsoft will be able to fix these latest flaws on its own. “Microsoft did a good job designing the Secure Device Connection Protocol (SDCP) to provide a secure channel between the host and biometric devices, but unfortunately Device makers appear to have misunderstood some of the goals“, write Jesse D’Aguanno and Timo Teräs, researchers at Blackwing Intelligence, in their report. “Furthermore, SDCP covers only a very narrow scope of a typical device’s operation, while most devices have a significant exposed attack surface which is not covered by SDCP at all.”
#Microsoft #Windows #fingerprint #security #system #overcome #flaws