Researchers Exposed Fingerprint Authentication Flaw in Windows Hello

Security researchers at Blackwing Intelligence discovered significant vulnerabilities in the fingerprint sensors of laptops from Dell, Lenovo, and Microsoft, compromising the Windows Hello fingerprint authentication system. These flaws, which could allow unauthorized access through sophisticated man-in-the-middle attacks, were revealed after the researchers reverse-engineered the sensors' software and hardware.

Researchers at Blackwing Intelligence have identified vulnerabilities in the fingerprint sensors used in laptops from major manufacturers such as Dell, Lenovo, and Microsoft. This breach, which directly affects the Windows Hello fingerprint authentication system, was disclosed in a detailed presentation at Microsoft’s BlueHat conference.

The investigation, initiated by Microsoft’s Offensive Research and Security Engineering (MORSE) team, was aimed at evaluating the security robustness of fingerprint sensors. The focus was on sensors from Goodix, Synaptics, and ELAN, which are embedded in laptops and widely utilized by businesses for securing devices via Windows Hello fingerprint authentication.

The researchers at Blackwing Intelligence developed a USB device capable of performing a man-in-the-middle (MitM) attack. This attack could potentially grant unauthorized access to a stolen laptop or enable an “evil maid” attack on an unattended device. The vulnerability was demonstrated on a Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X, where the Windows Hello protection was bypassed under conditions where fingerprint authentication was previously used.

The process of bypassing Windows Hello involved reverse engineering both the software and hardware of the fingerprint sensors. The team discovered cryptographic implementation flaws, particularly in a custom TLS protocol used by the Synaptics sensor. The researchers also decoded and reimplemented proprietary protocols, highlighting the complexity of the security breach.

Fingerprint sensors have become increasingly common in Windows laptops, driven by Microsoft’s push towards a password-less future. Microsoft had reported that nearly 85 percent of Windows 10 users were using Windows Hello for signing in, a figure that includes users employing simple PINs.

This incident isn’t the first time Windows Hello’s biometric authentication has been challenged. In 2021, Microsoft addressed a vulnerability that allowed spoofing of Windows Hello’s facial recognition feature using an infrared image.

The current vulnerabilities, according to Blackwing Intelligence researchers Jesse D’Aguanno and Timo Teräs, arise from a misunderstanding by device manufacturers regarding the objectives of Microsoft’s Secure Device Connection Protocol (SDCP). They observed that while SDCP provides a secure channel between the host and biometric devices, it covers only a limited aspect of a device’s operation, leaving other significant areas exposed to potential attacks.

The researchers found that SDCP protection was not enabled on two of the three devices they examined. Consequently, Blackwing Intelligence recommends that OEMs ensure the activation of SDCP and conduct thorough audits of fingerprint sensor implementations by qualified experts. The team is also exploring further security concerns, including memory corruption attacks on sensor firmware and the security of fingerprint sensors on other operating systems like Linux, Android, and Apple.

Bhasker Das
Bhasker Das
Bhasker Das, with a master's in Cybersecurity, is a seasoned editor focusing on online security, privacy, and protection. When not decrypting the complexities of the cyber world, Anu indulges in his passion for chess, seeing parallels in strategy and foresight.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream