Security risk: Windows fingerprint system is hackable

Apparently, the Windows Hello fingerprint authentication system is easily bypassed on Dell laptops, Lenovo laptops, and even Microsoft laptops. Security researchers at Blackwing Intelligence have discovered multiple vulnerabilities in three tested fingerprint sensors that are embedded in these laptops and are widely used by laptop manufacturers.

Microsoft Security Research and Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of fingerprint sensors, and the researchers presented their findings at Microsoft’s BlueHat conference in October.

The team chose the popular fingerprint sensors from Goodix, Synaptics and ELAN as its research targets, and a newly published blog post details the process of building a USB device that can perform a man-in-the-middle (MitM) attack.

A man-in-the-middle (MitM) attack is a form of active eavesdropping in which the attacker establishes independent connections with each party and relays the messages between them. Such an attack can give thieves access to the information on a laptop.

The Lenovo ThinkPad T14, Microsoft Surface Pro X and Dell Inspiron 14 laptops all fell to the fingerprint sensor attacks. The researchers were able to bypass Windows Hello protection as long as someone had used fingerprint authentication on the device.

Blackwing Intelligence researchers reverse-engineered both software and hardware, and discovered flaws in TLS (Transport Layer Security) encryption implementations in Synaptics sensors. The complex process of bypassing Windows Hello also involved decoding and re-implementing proprietary protocols.

Windows laptop users now widely use fingerprint sensors thanks to Microsoft’s move toward Windows Hello and a password-free future. Three years ago, Microsoft announced that nearly 85 percent of users use Windows Hello to sign in to Windows 10 devices instead of passwords.

This isn’t the first time Windows Hello’s biometric sensor-based authentication has failed. In 2021, to probe the system for weaknesses, Microsoft took an infrared image of one of the victims to see if the system could be fooled. In the end, Microsoft was forced to fix the Windows Hello vulnerability.

However, it is not clear that Microsoft can fix these flaws on its own. In their detailed report on these flaws, Blackwing Intelligence researchers Jesse D’Aguanno and Timo Teräs say: “Microsoft did the right thing by designing the Secure Device Connection Protocol (SDCP) to create a secure channel between the host and biometric sensors; but unfortunately, sensor manufacturers seem to have misunderstood some of the objectives.”

The researchers found that Microsoft’s SDCP protection system was not enabled on two of the three devices they tested. Blackwing Intelligence currently advises laptop manufacturers to ensure SDCP is enabled and to have a qualified professional review the implementation and installation of the fingerprint sensor on laptops.

Blackwing Intelligence is also investigating memory leak attacks on sensor hardware and even fingerprint sensor security on Linux devices, Android phones, and iPhones.
