Microsoft, Dell, and Lenovo laptops have their Windows Hello Fingerprint Authentication System caught

Search

  • Home
  • TECH
  • Microsoft, Dell, and Lenovo laptops have their Windows Hello Fingerprint Authentication System caught

Microsoft, Dell, and Lenovo laptops have their Windows Hello Fingerprint Authentication System caught

Three laptops—Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro Type Cover with Fingerprint ID—served as the subjects of the experiment.

|
November 26, 2023 12:10 IST
Microsoft, Dell, and Lenovo laptops have their Windows Hello Fingerprint Authentication System caught
Microsoft, Dell, and Lenovo laptops have their Windows Hello Fingerprint Authentication System caught

New Delhi: The Windows Hello security feature, which allows users to enter Windows-powered devices without using a password, may not be very safe.

It was recently requested to assess the safety of the three most popular fingerprint sensors used in laptops by Microsoft’s Offensive Research and Security Engineering (MORSE), as stated in a blog post by Blackwing Intelligence. As a result, several security holes were found that might enable an attacker to fully circumvent Windows Hello Authentication.

Three laptops—Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro Type Cover with Fingerprint ID—served as the subjects of the experiment.

Jesse D’Aguanno and Timo Teräs of Blackwing hacked the laptops’ inbuilt fingerprint sensors, which were manufactured by Goodix, ELAN, and Synaptics.

All the fingerprint sensors that were put through their paces were Match-on-Chip (MoC) sensors, which means that they each had their CPU and storage, enabling safe fingerprint matching right on the chip.

Although MoC sensors do a good job of preventing stored fingerprint data from being replayed to the host for matching, it is still possible for a malicious sensor to imitate a legal sensor’s connection with the host. Replaying previously seen communication between the host and sensor or giving the misleading impression of successful user authentication are also possible outcomes.

The Secure Device Connection Protocol (SDCP) was an attempt by Microsoft to prevent attacks that would have taken advantage of these vulnerabilities; it should have verified the fingerprint device’s trustworthiness and health and protected the data transmitted between the fingerprint device and the host on the devices in question.

Regardless, the security researchers were able to circumvent Windows Hello authentication on all three laptops by using man-in-the-middle (MiTM) attacks which relied on a bespoke Linux-powered Raspberry Pi 4 device.

They utilised hardware and software reverse engineering to crack the Synaptics sensor’s unique TLS protocol’s cryptographic implementation defects and decipher and re-implement private protocols.

By impersonating a real Windows user and registering their fingerprint, an attacker may circumvent authentication on Dell and Lenovo laptops. This was made possible since the Synaptics sensor utilised a bespoke TLS stack instead of SDCP to encrypt USB traffic.

After removing the Type Cover that contained the fingerprint sensor from the Surface tablet, they were able to spoof the sensor and provide acceptable login replies. The real sensor on the device lacked authentication, utilised a cleartext USB connection, and was not protected by SDCP.

According to the researchers, device makers seem to misinterpret some of the goals, despite Microsoft’s excellent work in building SDCP to provide a secure connection between the host and biometric devices.

Most devices have a large attack surface that SDCP does not cover, and SDCP only covers a restricted portion of their function. After discovering SDCP disabled on two of three targeted laptops, Blackwing Intelligence advises biometric authentication suppliers to activate SDCP to prevent attacks.

  • Share:
Latest