Vulnerabilities in Windows Hello Fingerprint Authentication Exposed by Researchers

Highlights

  • Blackwing Intelligence finds flaws in Windows Hello fingerprint authentication.

  • Dell, Lenovo, and Microsoft laptops vulnerable to fingerprint reader attacks.

  • Researchers execute man-in-the-middle attacks to bypass security.

  • Microsoft’s SDCP protocol lacks comprehensive coverage of device operations.

Security researchers at Blackwing Intelligence have uncovered vulnerabilities in Windows Hello fingerprint authentication, affecting laptops from top brands like Dell, Lenovo, and Microsoft.

The findings, revealed at Microsoft’s BlueHat conference in October, highlight potential security risks in widely used biometric sensors.

Breakthrough in Fingerprint Sensor Security Research

Blackwing Intelligence was tasked by Microsoft’s Offensive Research and Security Engineering (MORSE) team to assess the security of fingerprint sensors.

The research focused on popular sensors from Goodix, Synaptics, and ELAN, which are integral to Windows Hello fingerprint authentication used by many businesses.

The researchers successfully engineered a USB device capable of executing a man-in-the-middle (MitM) attack, potentially allowing unauthorized access to laptops.

Vulnerabilities in Leading Laptops

The vulnerabilities discovered by Blackwing Intelligence were tested on several laptop models, including Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X.

The researchers managed to bypass Windows Hello protection on these devices, exploiting cryptographic flaws in the Synaptics sensor and decoding proprietary protocols.

The Bigger Picture of Biometric Security

Windows Hello’s push towards a password-less future has led to an increased reliance on fingerprint sensors for Windows laptop users.

However, this isn’t the first time Windows Hello biometrics-based authentication has faced security challenges.

In 2021, Microsoft addressed a vulnerability that allowed bypassing Windows Hello facial recognition using an infrared image of a victim.

Challenges in Fixing Security Flaws

Addressing these new vulnerabilities may not be straightforward for Microsoft alone.

Blackwing Intelligence researchers Jesse D’Aguanno and Timo Teräs note in their report that while Microsoft’s Secure Device Connection Protocol (SDCP) aims to secure communications between the host and biometric devices, device manufacturers might not fully grasp its objectives.

Furthermore, SDCP covers only a limited aspect of device operations, leaving a considerable attack surface unprotected.

FAQs

Q: What was the nature of the vulnerability found in Windows Hello fingerprint authentication?

A: Researchers at Blackwing Intelligence discovered vulnerabilities in the fingerprint sensors of Windows Hello, affecting laptops from Dell, Lenovo, and Microsoft. These flaws could potentially be exploited through man-in-the-middle attacks, allowing unauthorized access by bypassing the biometric security.

Q: Which laptop models were found to be vulnerable?

A: The vulnerability was identified in several models, including the Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X. These findings highlight a broader issue with the security of Windows Hello fingerprint authentication across multiple devices.

Q: How did the researchers bypass the Windows Hello security?

A: The researchers at Blackwing Intelligence engineered a USB device capable of performing man-in-the-middle attacks. They exploited cryptographic implementation flaws in the fingerprint sensors and decoded proprietary protocols, effectively bypassing the Windows Hello security system.
