2023-11-23 15:04:06
Security researchers at Blackwing Intelligence have revealed serious flaws in Windows Hello fingerprint authentication on laptops from Dell, Lenovo and Microsoft. The vulnerabilities affect Goodix, Synaptics and ELAN fingerprint sensors, which are widely used to ensure device security.
For those in a hurry:
Blackwing Intelligence researchers have identified serious flaws in Windows Hello fingerprint authentication on laptops from Dell, Lenovo and Microsoft, affecting Goodix, Synaptics and ELAN sensors; Affected notebook models include Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X , and the vulnerabilities were highlighted during Microsoft’s BlueHat conference; Researchers conducted reverse engineering on the software and hardware, identifying cryptographic flaws in the Synaptics sensor’s custom TLS; and built a USB device to perform man-in-the-middle attacks, bypassing Windows Hello protection; The team recommends that manufacturers enable Secure Device Connection Protocol (SDCP) and perform audits of the sensor implementation.
The investigation was conducted at the request of Microsoft’s Offensive Research and Security Engineering (MORSE), with the results presented at the company’s BlueHat conference. Among the notebook models that the team at Blackwing Intelligence managed to bypass Windows Hello protection are: Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X.
Read more:
Bypassing Windows Hello
(Image: Microsoft)
The researchers reverse-engineered both the software and hardware, identifying cryptographic flaws in the Synaptics sensor’s custom TLS. The process involved constructing a USB device to perform man-in-the-middle (MitM) attacks, allowing unauthorized access to laptops or potential “evil maid” attacks on unattended devices.
Fingerprint sensors have become widely popular with Microsoft’s push toward Windows Hello and passwordless authentication. However, this is not the first time that Windows Hello security has been compromised. In 2021, Microsoft patched a vulnerability that allowed authentication to be bypassed by using an infrared image to spoof facial recognition.
For now, it’s unclear whether Microsoft will be able to fix these vulnerabilities on its own. Blackwing Intelligence researchers highlight that although Secure Device Connection Protocol (SDCP) provides a secure channel between host and biometric devices, manufacturers do not fully understand its objectives.
The team recommends that OEMs (“Original Equipment Manufacturer”) activate SDCP and perform sensor implementation audits. Additionally, Blackwing Intelligence explores potential memory corruption attacks on sensor firmware and investigates the security of fingerprint sensors on Linux, Android, and Apple systems.
#Fingerprint #authentication #flaw