Security researchers from Blackwing Intelligence have uncovered vulnerabilities in the implementation of fingerprint sensors in three notebooks from renowned manufacturers. These vulnerabilities allow for bypassing authentication via Windows Hello. The sensors in question were examined in the Dell Inspiron 15, Lenovo Thinkpad T14, and the Type Cover for the Surface Pro 8/X by Microsoft, according to the researchers’ report.
Interestingly, Microsoft itself, specifically its Morse team (Microsoft Offensive Research and Security Engineering), commissioned the investigations. Allegedly, Microsoft requested the security researchers to assess the three leading fingerprint sensors used for authentication through Windows Hello.
The examined fingerprint sensors come from manufacturers Goodix (Dell), Synaptics (Lenovo), and Elan (Surface). All three models are MoC sensors (Match on Chip), equipped with their own microprocessors and memory. This allows the sensors to perform fingerprint matching within the chip itself, as highlighted by the researchers.
With MoC sensors, biometric information isn’t transmitted to the host system where potential attackers could extract it. However, information regarding a successful authentication is indeed transmitted to the host, potentially susceptible to interception and mimicry by malicious actors.
To intervene in the USB-mediated data traffic between the fingerprint sensor and host system using a Man-in-the-Middle (MitM) attack, the researchers utilized, among other tools, a Linux-operated Raspberry Pi 4. Ultimately, they succeeded in reliably bypassing Windows Hello authentication on all three devices.
SDCP appears to provide a solid foundation if used correctly. After around three months of research, the researchers praised Microsoft, not for the similarly vulnerable implementation of the Surface device’s fingerprint sensor, but for the development of SDCP (Secure Device Connection Protocol). This protocol establishes a secure communication channel between host systems and biometric sensors.
However, the issue lies in the improper use of SDCP by device manufacturers. In two out of three examined devices, the protocol wasn’t even activated. Consequently, the security researchers recommend that manufacturers activate SDCP and have their implementations scrutinized by external, qualified security experts.
The researchers recently presented their findings at Microsoft’s Bluehat conference. A recording of the presentation is available on YouTube, and the presentation slides have been made accessible online (PDF). The team intends to publish additional contributions in the future, providing closer insights into the technical details of these vulnerabilities.
READ MORE: Samsung Unveils Android 14 Update Schedule for 16 Phones, 13 Tablets in Germany
