Windows users were excited to see devices with fingerprint-based biometric authentication, similar to Apple's Touch ID on laptops and computers. The problem is that things don't work as smoothly on Windows, as vulnerabilities in Windows Hello have been discovered in fingerprint authentication on top-tier laptops.
Security researchers revealed that the fingerprint authentication system Windows Hello, present on three of the most popular laptops Windows, does not provide the expected level of security. At Microsoft's request, cybersecurity firm Blackwing Intelligence conducted penetration tests, finding that all three laptops failed these tests.
Despite the fact that the Microsoft Surface was subjected to tests, it turned out to be the most vulnerable of the three models tested, allowing easy bypassing of biometric fingerprint authentication Windows Hello.
Microsoft's research team (MORSE) explicitly requested the security assessment for the top-performing fingerprint sensors embedded in laptops, but the results showed multiple vulnerabilities successfully exploited by the team. Each laptop, including the Dell Inspiron 15 and Lenovo ThinkPad T14, required distinct approaches to circumvent existing security protocols.
These vulnerabilities Windows Hello on fingerprint authentication emphasizes the continuous importance of improving authentication systems to ensure an increased level of security.
Content
Windows Hello Vulnerabilities in Fingerprint Authentication on Dell Inspiron 15
Dell Inspiron 15 presents significant vulnerabilities Windows Hello for fingerprint authentication. When the device is turned on in Windows, it follows full security protocols, including Secure Device Connection Protocol (SDCP). These protocols perform essential checks, such as ensuring that the host is communicating with a trusted device and that fingerprint data is not stored or relayed. However, the team that tested vulnerabilities Windows Hello noticed that while access to the fingerprint reader in Windows uses SDCP, access to Linux not. And they got an idea.
By initiating the target device in Linux and side use Linux to enter the attacker's fingerprint into the database by specifying the same ID as a legitimate user signed in via Windows, the team identified a vulnerability. Even though this attempt was initially unsuccessful, as separate on-chip databases were discovered for Windows and Linux, it was possible to determine how Windows knew which database to access and was able to direct it to the one on Linux.
This opened the way for the next solution, involving an attack Man in the Middle (MitM). Here are the steps of this vulnerability Windows Hello at fingerprint authentication on Dell Inspiron 15.
1. The system is turned on Linux.
2. Valid IDs are listed. So the ones that can be authorized are determined.
3. Enrollment of the attacker's fingerprint using the same ID as a legitimate user is performed Windows.
4. Type attack Man in the Middle (MitM) on the connection between the host and the sensor.
5. Start the system in Windows.
6. Intercepting and rewriting the configuration package to point to the database Linux using the MitM attack.
7. Authentication is done as a legitimate user with the fingerprint of the attacker.
A relatively simple method for the type of user who has an average knowledge of the architecture of operating systems Linux and systems Windows.
As for the Microsoft Surface Pro 8 / X, the vulnerability is even easier to exploit.
Fingerprint ID Vulnerability on Microsoft Surface Pro Type Cover
Regarding the vulnerability identified on the Microsoft Surface Pro Type Cover with Fingerprint ID, the research team expected an official Microsoft product to present the highest degree of difficulty, but they were stunned to find incredibly weak security. In this case, the lack of Secure Device Connection Protocol (SDCP) was evident, along with clear text (unencrypted) USB communication and the absence of authentication.
With this lack of security, the team found they could simply unplug the fingerprint sensor and plug in their own device to mimic it. The procedure consisted of disconnecting the Type Cover (the driver cannot handle two connected sensors, becoming unstable), connecting the attack device, promoting the VID/PID of the sensor, observing the valid SID from the driver Windows, passing the check "how many fingerprints” and initiating Fingerprint authentication on the system Windows, followed by sending a Valid Login Response from the spoofed device.
In conclusion, these vulnerabilities Windows Hello on fingerprint authentication pointed out the significant vulnerabilities that can exist in the implementation of biometric authentication systems.
Related: How to disable authentication with Windows Hello PIN, Face and Fingerprint in Windows 10
What is Windows Hello?
First introduced with the release of the operating system Windows 10 and continuing to provide enhanced functionality on desktop and laptop computers Windows 11, Windows Hello is a faster and more secure way to get instant access to devices Windows.
This advanced authentication system gives you the ability to access your devices Windows 11 using a PIN code, facial recognition or fingerprint. To take advantage of these options, you need to set up a PIN code during fingerprint or facial recognition initialization, but you can also authenticate with just your PIN.
These options not only make the process of signing in to your PC significantly easier, but also make it more secure, as your PIN is associated with only one device and is backed up for recovery through your Microsoft account.