Security researchers at Blackwing Intelligence have recently uncovered significant vulnerabilities in the Windows Hello fingerprint authentication system, which is widely used across laptops from Dell, Lenovo, and Microsoft. These findings have raised concerns about the security of fingerprint sensors embedded into laptops, especially since they are commonly utilized by businesses to protect their devices.
Microsoft’s Offensive Research and Security Engineering (MORSE) team had engaged Blackwing Intelligence to assess the security of fingerprint sensors. The results were presented at Microsoft’s BlueHat conference in October and covered vulnerabilities in popular fingerprint sensors from Goodix, Synaptics, and ELAN. Blackwing Intelligence also published a detailed blog post outlining their process of replicating man-in-the-middle (MitM) attacks using a USB device, highlighting the potential risks of stolen or unattended devices being compromised.
Specifically, the researchers successfully bypassed the Windows Hello protection on a Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X, as long as the device had previously been accessed using fingerprint authentication. They achieved this by reverse engineering both software and hardware, which exposed cryptographic implementation flaws in the custom TLS on the Synaptics sensor. The process involved decoding and re-implementing proprietary protocols, and the outcome represents a significant breach in the security of these fingerprint sensors.
These vulnerabilities are particularly concerning given the widespread adoption of fingerprint sensors due to Microsoft’s efforts to promote a password-less future through Windows Hello. It was reported that nearly 85 percent of consumers were using Windows Hello to sign into Windows 10 devices, emphasizing the scale of the potential impact of these vulnerabilities.
This is not the first instance of vulnerabilities in Windows Hello authentication being exposed. In 2021, Microsoft had to address a previous authentication bypass vulnerability related to Windows Hello’s facial recognition feature. The recurrence of such vulnerabilities highlights the persistent challenges in safeguarding biometrics-based authentication systems.
Blackwing Intelligence has also raised concerns about the effectiveness of Microsoft’s Secure Device Connection Protocol (SDCP), designed to establish a secure channel between the host and biometric devices. The researchers noted that SDCP did not cover a significant attack surface exposed by most devices, potentially leaving them vulnerable to exploitation. They recommended that OEMs ensure SDCP is enabled and that the fingerprint sensor implementation is audited by qualified experts to mitigate these risks.
Looking ahead, Blackwing Intelligence is exploring potential memory corruption attacks on sensor firmware, as well as the security of fingerprint sensors on other platforms such as Linux, Android, and Apple devices. The scope of this planned work underscores the need for comprehensive security assessments and improvements to safeguard biometric authentication systems.
In light of these findings, device manufacturers and software developers need to prioritize comprehensive security measures and actively address vulnerabilities to preserve the integrity and reliability of biometric authentication systems. The potential consequences of compromised biometric authentication are far-reaching, so mitigating these risks effectively requires a concerted effort.