Researchers have successfully bypassed Microsoft's Windows Hello fingerprint authentication


    Karlston


    A security firm engaged by Microsoft to test the hardware and software behind Windows Hello fingerprint authentication has published details of how it bypassed that technology on several laptops, including a Microsoft Surface device.

    Blackwing Intelligence presented its findings in October at Microsoft's BlueHat security conference but only posted the write-up on its own site this week (via The Verge). The blog post, under the catchy title "A Touch of Pwn", says the group targeted the fingerprint sensors built into the Dell Inspiron 15 and Lenovo ThinkPad T14 laptops, along with the Microsoft Surface Pro Type Cover with Fingerprint ID made for the Surface Pro 8 and X tablets. The sensors themselves were made by Goodix, Synaptics, and ELAN respectively.

    All of the Windows Hello-supported fingerprint sensors that were tested use "match on chip" (MoC) hardware, meaning that enrollment and matching happen on the sensor itself, which has its own microprocessor and storage, rather than on the host PC. Blackwing stated:

    A database of “fingerprint templates” (the biometric data obtained by the fingerprint sensor) is stored on-chip, and enrollment and matching is performed directly within the chip. Since fingerprint templates never leave the chip, this eliminates privacy concerns of biometric material being stored, and potentially exfiltrated, from the host — even if the host is compromised. This approach also prevents attacks that involve simply sending images of valid fingerprints to the host for matching.

    Blackwing reverse engineered the sensors and their host communication to find flaws, then built a custom USB device that sits between the host and the sensor and performs a man-in-the-middle (MitM) attack on that link. Because the host trusted what arrived over the link, the device let them bypass fingerprint authentication on all three machines.

    The blog also pointed out that although Microsoft offers the Secure Device Connection Protocol (SDCP) "to provide a secure channel between the host and biometric devices", two of the three fingerprint sensors tested did not even have SDCP enabled. Blackwing recommended that fingerprint sensor vendors not only enable SDCP on their products but also have a qualified third party audit the implementation to confirm it actually works as intended.
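The following is an added example, not code from the original article or from Blackwing's research, that models why the MitM attack described above works and what SDCP is meant to prevent. It simulates a match-on-chip sensor, a Windows Hello-style host, and an attacker's USB device that rewrites the sensor's reply into a "match" for the legitimate user's template ID. The "SDCP-like" mode is a deliberate simplification: it only models the property that the sensor's authorization reply is bound to a host-chosen nonce and the matched template ID under a secret the host and sensor share; real SDCP additionally uses a factory-provisioned device key, a certificate chain and an ECDH handshake to establish that secret, none of which is shown here. Template bytes, template IDs and the shared secret are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for biometric templates. On real hardware these are opaque
# data that never leave the sensor; here they are just bytes the sensor compares.
USER_TEMPLATE = b"user-template-bytes-constructed"
ATTACKER_TEMPLATE = b"attacker-template-bytes-constructed"


class MatchOnChipSensor:
    """Holds templates and does the matching itself. If `secret` is None the sensor
    behaves like one with SDCP disabled: its reply is a bare, unauthenticated message."""

    def __init__(self, templates, secret=None):
        self.templates = dict(templates)  # template_id -> template bytes
        self.secret = secret              # SDCP-like shared secret, or None

    def _mac(self, nonce, template_id):
        # Binds this reply to the host's nonce AND the matched template ID.
        return hmac.new(self.secret, nonce + template_id.to_bytes(4, "big"), hashlib.sha256).digest()

    def authorize(self, nonce, presented):
        for template_id, template in self.templates.items():
            if hmac.compare_digest(template, presented):
                reply = {"status": "match", "template_id": template_id}
                if self.secret is not None:
                    reply["mac"] = self._mac(nonce, template_id)
                return reply
        return {"status": "no_match"}


class WindowsHelloHost:
    """Logs a user in if the sensor reports a match against a template ID enrolled for that account."""

    def __init__(self, enrolled_ids, secret=None):
        self.enrolled_ids = set(enrolled_ids)
        self.secret = secret

    def login(self, channel, presented):
        nonce = secrets.token_bytes(32)
        reply = channel(nonce, presented)
        if reply.get("status") != "match" or reply.get("template_id") not in self.enrolled_ids:
            return False
        if self.secret is None:
            # No SDCP: the host simply trusts whatever came over the USB link.
            return True
        expected = hmac.new(self.secret, nonce + reply["template_id"].to_bytes(4, "big"),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, reply.get("mac", b""))


def usb_mitm(sensor, target_id):
    """Attacker's device spliced into the host<->sensor link. Whatever the sensor actually
    says, it forwards a 'match' for the victim's template ID. If the sensor attached a MAC,
    the best the attacker can do is replay it unchanged."""

    def channel(nonce, presented):
        real_reply = sensor.authorize(nonce, presented)
        forged = {"status": "match", "template_id": target_id}
        if "mac" in real_reply:
            forged["mac"] = real_reply["mac"]  # bound to the attacker's own ID, not target_id
        return forged

    return channel


def run_scenario(sdcp_enabled):
    """Template 0 is enrolled by the legitimate user and registered with the Windows account.
    Template 7 was enrolled on the chip by an attacker with physical access but is NOT
    registered with the account, so a direct match on it must not log anyone in."""
    secret = secrets.token_bytes(32) if sdcp_enabled else None
    sensor = MatchOnChipSensor({0: USER_TEMPLATE, 7: ATTACKER_TEMPLATE}, secret)
    host = WindowsHelloHost({0}, secret)
    return {
        "legit_user_direct": host.login(sensor.authorize, USER_TEMPLATE),
        "attacker_direct": host.login(sensor.authorize, ATTACKER_TEMPLATE),
        "attacker_via_mitm": host.login(usb_mitm(sensor, target_id=0), ATTACKER_TEMPLATE),
    }


if __name__ == "__main__":
    for enabled in (False, True):
        print("SDCP-like binding enabled:", enabled, run_scenario(enabled))
```

With the binding disabled the attacker's finger is rejected when the host talks to the sensor directly, but succeeds as soon as the MitM device rewrites the template ID, which is the situation the article describes for the sensors shipping without SDCP. With the binding enabled the same rewrite fails because the MAC the sensor produced covers the attacker's own template ID and this host's fresh nonce, so neither rewriting the ID nor replaying an earlier reply verifies.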

    It should be noted that bypassing these three products took Blackwing "approximately three months" of sustained effort, but the point is that they succeeded. It remains to be seen whether Microsoft and the fingerprint sensor vendors will use this research to fix the underlying issues.

    Source

