Microsoft’s Offensive Research and Security Engineering (MORSE) asked the cybersecurity company to evaluate the security of its fingerprint sensors. In October, the researchers provided their findings in a presentation at the tech giant’s BlueHat conference. Fingerprint sensors are now widely used by Windows laptop users. Microsoft has also pushed Windows Hello for a passwordless future.
A few years ago, Microsoft revealed that nearly 85% of consumers were using Windows Hello to sign into Windows 10 devices instead of using a password. It is important to note that Microsoft also counts a simple PIN as Windows Hello.
Vulnerabilities in Windows Hello authentication system
The security team identified popular fingerprint sensors from Goodix, Synaptics and ELAN as targets for the research. In a blog post, the company explained how a USB device can be built to perform a man-in-the-middle (MITM) attack. Such an attack could provide access to a stolen laptop, or even an “evil maid” attack on an unattended device.
Laptop models including Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X
were affected by the fingerprint reader attacks. This allowed the researchers to bypass the Windows Hello protection as long as the fingerprint authentication had been set up on a device earlier.
The research team reverse-engineered both software and hardware and discovered cryptographic implementation flaws in a custom TLS on the Synaptics sensor. The complicated process to bypass Windows Hello also involved decoding and reimplementing proprietary protocols.
This isn’t the first time that Windows Hello biometrics-based authentication has been bypassed. In 2021, the company was forced to fix a Windows Hello authentication bypass vulnerability after a proof-of-concept involving capturing an infrared image of a victim to spoof Windows Hello’s facial recognition feature surfaced.