Microsoft’s Windows Hello fingerprint authentication, a widely used security measure on laptops from major brands like Dell, Lenovo, and Microsoft, has been found vulnerable to bypass attacks. Blackwing Intelligence, commissioned by Microsoft’s Offensive Research and Security Engineering (MORSE), discovered multiple vulnerabilities in popular fingerprint sensors from Goodix, Synaptics, and ELAN. These sensors are integral to Windows Hello, a key element in Microsoft’s push for a password-less future.
The researchers revealed their findings at Microsoft’s BlueHat conference, outlining a sophisticated process to create a USB device capable of executing a man-in-the-middle (MitM) attack. The attack could compromise a stolen or unattended laptop protected by Windows Hello fingerprint authentication. Notably, Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X were all susceptible to these attacks.
The vulnerabilities included flaws in the cryptographic implementation of a custom TLS stack on the Synaptics sensor; exploiting them required reverse engineering of both software and hardware. Although Microsoft designed the Secure Device Connection Protocol (SDCP) to provide a secure channel between the host and biometric devices, the researchers found that OEMs often misunderstand its objectives, leaving a substantial attack surface exposed.
While this isn’t the first time Windows Hello biometrics-based authentication has faced challenges, the present vulnerabilities raise concerns about the efficacy of current security measures. The researchers recommend OEMs ensure the proper implementation of SDCP and conduct audits by qualified experts to enhance security. Blackwing Intelligence is also exploring potential memory corruption attacks on sensor firmware and assessing fingerprint sensor security on Linux, Android, and Apple devices.