Windows users were delighted to see devices with fingerprint biometric authentication system (Fingerprint) on the existing Touch ID on Apple laptops and computers. The problem is that things do not go as well on Windows, with Windows Hello vulnerabilities being discovered at Fingerprint authentication on top laptops.
content
Security researchers have revealed that the Windows Hello fingerprint authentication system, present on three of the most popular Windows laptops, does not provide the expected security level. At the request of Microsoft, the Cyber Security Company Blackwing Intelligence performed penetration tests, discovering that all three laptops failed in front of these samples.
Despite the fact that Microsoft Surface has been under tests, it has been shown to be the most vulnerable of the three models tested, allowing the slight bypassing the biometric Fingerprint Windows Hello.
Microsoft's research team (Morse) explicitly requested the security assessment for the best performing fingerprint sensors in laptops, but the results showed multiple vulnerabilities successfully by the team. Each laptop, including Dell Inspiron 15 and Lenovo Thinkpad T14, required distinct approaches to avoid existing security protocols.
These Windows Hello vulnerabilities at Fingerprint authentication emphasize the continuous importance of improving authentication systems to ensure an increased security level.
Windows Hello vulnerabilities at fingerprint authentication on Dell Inspiron 15
Dell Inspiron 15 It presents significant Windows Hello vulnerabilities at Fingerprint authentication. When the device is started in Windows, it follows complete security protocols, including Secure Device Connection Protocol (SDCP). These protocols carry out essential checks, such as ensuring that the host communicates with a reliable device and that the fingerprint data is not stored or retransmitted. However, the team that has tested Windows Hello vulnerabilities noted that while access to the fingerprint reader in Windows uses SDCP, Linux access. And they came up with an idea.
By initiating the target device in Linux and using the Linux side to enter the attacker's imprint in the database, specifying the same ID as a legitimate user registered by Windows, the team identified a vulnerability. Even though this approach initially was not successful, because separate databases on Windows and Linux were discovered, it was managed to determine how Windows knew what database to access and managed to direct it to Linux.
It opened the way for the next solution, involving an attack Man in the Middle (MitM). Here's what the steps of this Windows Hello vulnerability look at the Fingerprint authentication on Dell Inspiron 15.
1. The system starts on Linux.
2. The listing of valid IDs is done. So the ones that can be authorized are determined.
3. It is executed to enroll the fingerprint of the attacker using the same ID as a legitimate Windows user.
4. Type attack Man in the Middle (MitM) on the connection between the host and the sensor.
5. The system starts in Windows.
6. Interception and rewrite of the configuration package to head to the Linux database using the MITM attack.
7. The authentication is done as a legitimate user with the fingerprint of the attacker.
A relatively simple method for the type of user who has average knowledge about the architecture of Linux operating systems and Windows systems.
As for Microsoft Surface Pro 8 / X, vulnerability is even easier to exploit.
Vulnerability fingerprint ID on Microsoft Surface Pro Type Cover
Regarding the vulnerability identified on Microsoft Surface Pro Type Cover with Fingerprint ID, the research team expected a official Microsoft product to present the highest degree of difficulty, but they were aware of incredibly weak security. In this case, the lack of the secure connection protocol of the device (SDCP) was obvious, along with the USB communication in a clear (unclipped) text and the absence of authentication.
With this absence of security, the team discovered that they could simply disconnect the fingerprint sensor and connect their own device to imitate it. The procedure consisted of disconnecting Type Cover (the driver cannot handle two connected sensors, becoming unstable), connecting the attack device, promoting the sensor, observing the valid SID from the Windows driver, passing the verification “how many fingerprints” And the initiation of the Fingerprint authentication on the Windows system, followed by a valid logging response from the forged device.
In conclusion, these Windows Hello vulnerabilities at Fingerprint authentication have emphasized the significant vulnerabilities that may exist in the implementation of biometric authentication systems.
Related: How we disable authentication with Windows Hello Pin, also Fingerprint in Windows 10
What is Windows Hello?
Inserted for the first time with the launch of the Windows 10 operating system and continuing to provide improved functionalities on computers and laptops with Windows 11 systems, Windows Hello is a faster and safer way to get instant access to Windows devices.
This advanced authentication system gives you the opportunity to access Windows 11 devices using a PIN, facial recognition or fingerprint (Fingerprint). In order to benefit from these options, you need to configure a PIN during fingerprint initialization or facial recognition, but you can only authenticate with PIN.
These options not only significantly facilitate the process of connecting to your PC, but also makes it safer, because your PIN is only associated with a single device and benefit from backup for your Microsoft account.
