Windows Hello Bypassed: Major Fingerprint Sensor Flaws Expose Dell, Lenovo, and Microsoft Laptops

by | Nov 23, 2023 | News





A recent investigation has unearthed significant vulnerabilities that could potentially compromise Windows Hello authentication on popular laptops, including Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X. The research, conducted by Blackwing Intelligence, a firm specializing in hardware and software product security, has pinpointed flaws in the fingerprint sensors integrated into these devices, specifically those from Goodix, Synaptics, and ELAN.

The fingerprint sensors in question are classified as “match on chip” (MoC), featuring integrated circuitry that manages biometric functions directly within the sensor. While MoC prevents the replay of stored fingerprint data for matching, it falls short in preventing a malicious sensor from mimicking a legitimate one’s communication with the host, falsely authenticating an authorized user.

Despite the Secure Device Connection Protocol (SDCP) introduced by Microsoft to enhance security, researchers identified a novel method to circumvent these safeguards, enabling adversary-in-the-middle (AitM) attacks. Notably, the ELAN sensor was susceptible to sensor spoofing and cleartext transmission of security identifiers (SIDs), allowing any USB device to pose as the fingerprint sensor and gain unauthorized access.
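The difference between a host that trusts a device-reported identifier and one that requires an authenticated, fresh response can be modelled in a few lines. This is an added example, not code from the article or the researchers, and it does not reproduce the SDCP wire format. The class names, the message layout, the sample SID, and the pre-shared session key (assumed to come from an earlier trusted pairing) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ENROLLED = {b"S-1-5-21-CONSTRUCTED-1001"}  # constructed sample SID, not a real account


def mac(key, nonce, sid):
    """Tag binding the match result to one host challenge (hypothetical layout)."""
    return hmac.new(key, b"match|" + nonce + b"|" + sid, hashlib.sha256).digest()


class Sensor:
    """Device holding the session key (assumed established during trusted pairing)."""
    def __init__(self, key):
        self.key = key

    def report_match(self, nonce, sid):
        return sid, mac(self.key, nonce, sid)


class Host:
    def __init__(self, key):
        self.key = key
        self.pending = None

    def challenge(self):
        self.pending = os.urandom(16)  # fresh nonce for every attempt
        return self.pending

    def accept_cleartext(self, sid):
        # Weak design: any device that names an enrolled SID is believed.
        return sid in ENROLLED

    def accept_authenticated(self, sid, tag):
        nonce, self.pending = self.pending, None  # each nonce is single use
        if nonce is None:
            return False
        return hmac.compare_digest(tag, mac(self.key, nonce, sid)) and sid in ENROLLED


def run_scenarios():
    key = os.urandom(32)
    host, sensor, sid = Host(key), Sensor(key), next(iter(ENROLLED))
    genuine = sensor.report_match(host.challenge(), sid)
    out = {"genuine": host.accept_authenticated(*genuine)}
    host.challenge()  # a device without the key can only name the SID
    out["no_key_cleartext"] = host.accept_cleartext(sid)
    out["no_key_authenticated"] = host.accept_authenticated(sid, bytes(32))
    host.challenge()  # the earlier genuine response replayed on a new challenge
    out["replay"] = host.accept_authenticated(*genuine)
    return out
```

Only the cleartext path accepts a device that lacks the key, which is why the recommendation to enable the authenticated channel matters for MoC sensors.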


For Synaptics, default settings had SDCP turned off, relying on a flawed custom Transport Layer Security (TLS) stack, thereby exposing a vulnerability that could be exploited to bypass biometric authentication.

The exploitation of the Goodix sensor took advantage of differences in enrollment operations between Windows and Linux systems. By leveraging the lack of SDCP support in Linux, the attacker could enroll a fingerprint on a Linux-loaded machine and later use it to log in as a legitimate Windows user.




To mitigate these risks, researchers recommend that original equipment manufacturers (OEMs) enable SDCP and subject fingerprint sensor implementations to independent audits by qualified experts.

This revelation echoes a larger challenge, indicating that while Microsoft’s SDCP design is robust, OEMs must enhance their understanding and application of its objectives to ensure comprehensive security coverage.


Source: thehackernews.com
