Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.
Blackwing Intelligence security researchers discovered vulnerabilities during research sponsored by Microsoft's Offensive Research and Security Engineering (MORSE) to assess the security of the top three embedded fingerprint sensors used for Windows Hello fingerprint authentication.
Blackwing's Jesse D'Aguanno and Timo Teräs targeted embedded fingerprint sensors made by ELAN, Synaptics, and Goodix on Microsoft Surface Pro X, Lenovo ThinkPad T14, and Dell Inspiron 15.
All tested fingerprint sensors were Match-on-Chip (MoC) sensors with their own microprocessor and storage, allowing fingerprint matching to be performed securely within the chip.
However, while MoC sensors prevent the replay of stored fingerprint data to the host for matching, they do not inherently stop a malicious sensor from mimicking a legitimate sensor's communication with the host. This could falsely indicate successful user authentication or replay previously observed traffic between the host and sensor.
To counteract attacks that exploit these weaknesses, Microsoft developed the Secure Device Connection Protocol (SDCP), which should have ensured on the targeted devices that the fingerprint sensor was trusted and healthy and that the traffic between the sensor and the host was protected.
Despite this, the security researchers bypassed Windows Hello authentication on all three laptops using man-in-the-middle (MitM) attacks, carried out with a custom Linux-powered Raspberry Pi 4 device.
Throughout the process, they relied on software and hardware reverse engineering, exploited cryptographic implementation flaws in the Synaptics sensor's custom TLS protocol, and decoded and re-implemented proprietary protocols.
On the Dell and Lenovo laptops, the authentication bypass was achieved by enumerating valid user IDs and enrolling the attacker's fingerprint under the ID of a legitimate Windows user (the ThinkPad's Synaptics sensor secured its USB communication with a custom TLS stack rather than SDCP).
On the Surface device, whose ELAN fingerprint sensor had no SDCP protection, communicated over USB in cleartext, and performed no authentication, they disconnected the Type Cover containing the sensor, spoofed the sensor, and sent valid login responses from the spoofed device.
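The difference between the SDCP threat model described above and the unauthenticated ELAN channel can be shown with a small simulation. The following is an added example, not code from Blackwing Intelligence or Microsoft, and it is not SDCP itself: it models only the two properties the article attributes to SDCP (a fresh per-attempt challenge and a verdict bound to a key the host shares with a trusted sensor) using an HMAC over a host nonce, and compares that with a host that accepts any "match succeeded" message on the bus. The session key, user ID, and the `AuthenticatedHost`/`CleartextHost` classes are assumptions of the example.

```python
"""Simplified model of a host/fingerprint-sensor 'match' exchange (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class MatchResponse:
    """What the sensor sends back to the host after a match attempt."""
    user_id: int
    success: bool
    nonce: bytes        # challenge the host issued for this attempt
    mac: bytes          # HMAC over (nonce, user_id, success); ignored by a cleartext host


def _mac(key: bytes, nonce: bytes, user_id: int, success: bool) -> bytes:
    msg = nonce + user_id.to_bytes(4, "big") + bytes([int(success)])
    return hmac.new(key, msg, hashlib.sha256).digest()


class AuthenticatedHost:
    """Host side with a per-attempt nonce and a MAC check (hypothetical, SDCP-like)."""

    def __init__(self, session_key: bytes):
        self.key = session_key          # assumed: shared with the genuine sensor only
        self.pending = None

    def start_auth(self) -> bytes:
        self.pending = os.urandom(16)   # fresh challenge for exactly one answer
        return self.pending

    def accept(self, resp: MatchResponse) -> bool:
        if self.pending is None or resp.nonce != self.pending:
            return False                # stale or unsolicited verdict
        self.pending = None
        expected = _mac(self.key, resp.nonce, resp.user_id, resp.success)
        return hmac.compare_digest(expected, resp.mac) and resp.success


class CleartextHost:
    """Host side that trusts whatever arrives on the bus (the ELAN case in the article)."""

    def accept(self, resp: MatchResponse) -> bool:
        return resp.success


def genuine_sensor(key: bytes, nonce: bytes, user_id: int, finger_ok: bool) -> MatchResponse:
    """A real MoC sensor: matching happens on-chip, the verdict is bound to the nonce."""
    return MatchResponse(user_id, finger_ok, nonce, _mac(key, nonce, user_id, finger_ok))


def spoofed_sensor(nonce: bytes, user_id: int) -> MatchResponse:
    """Attacker's device on the bus: reports success but holds no session key."""
    return MatchResponse(user_id, True, nonce, b"\x00" * 32)


SESSION_KEY = os.urandom(32)   # constructed stand-in for a key established at boot
USER_ID = 1001                 # constructed user ID


def legitimate_login() -> bool:
    host = AuthenticatedHost(SESSION_KEY)
    nonce = host.start_auth()
    return host.accept(genuine_sensor(SESSION_KEY, nonce, USER_ID, finger_ok=True))


def spoof_against_authenticated_host() -> bool:
    host = AuthenticatedHost(SESSION_KEY)
    nonce = host.start_auth()
    return host.accept(spoofed_sensor(nonce, USER_ID))


def tamper_against_authenticated_host() -> bool:
    """MitM flips a genuine 'no match' into 'match'; the MAC no longer verifies."""
    host = AuthenticatedHost(SESSION_KEY)
    nonce = host.start_auth()
    real = genuine_sensor(SESSION_KEY, nonce, USER_ID, finger_ok=False)
    forged = MatchResponse(real.user_id, True, real.nonce, real.mac)
    return host.accept(forged)


def replay_against_authenticated_host() -> bool:
    """MitM records one successful verdict and replays it on a later attempt."""
    host = AuthenticatedHost(SESSION_KEY)
    nonce = host.start_auth()
    captured = genuine_sensor(SESSION_KEY, nonce, USER_ID, finger_ok=True)
    host.accept(captured)          # the real login goes through once
    host.start_auth()              # next attempt gets a new nonce
    return host.accept(captured)   # old verdict no longer matches the challenge


def spoof_against_cleartext_host() -> bool:
    """No nonce, no key: a fabricated success message is accepted as-is."""
    return CleartextHost().accept(spoofed_sensor(b"", USER_ID))


if __name__ == "__main__":
    print("legitimate login:      ", legitimate_login())
    print("spoof vs authenticated:", spoof_against_authenticated_host())
    print("tamper vs authenticated", tamper_against_authenticated_host())
    print("replay vs authenticated", replay_against_authenticated_host())
    print("spoof vs cleartext:    ", spoof_against_cleartext_host())
```

The cleartext host accepts the spoofed verdict because nothing ties the message to a particular sensor or a particular authentication attempt, which is exactly the gap the researchers used on the Surface. The model does not cover the enrollment-side attacks on the Dell and Lenovo sensors, where the weakness was in how templates and user IDs were managed rather than in the match verdict itself.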
"Microsoft did a good job designing SDCP to provide a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to misunderstand some of the objectives," the researchers said.