Many laptops are affected: researchers warn of a serious security vulnerability

Researchers have discovered a major security vulnerability in several laptops. There is a risk that strangers can log in.

Fingerprint login is becoming increasingly popular. In 2019, Microsoft reported that the number of users who signed in to their Windows 10 devices using Windows Hello instead of a password was 84.7 percent. But is this login method really secure?

In a study commissioned by Microsoft’s Offensive Research and Security Engineering (MORSE) division, researchers at Blackwing Intelligence bypassed Hello fingerprint authentication on a number of laptops, according to reports.BleepingComputer“.

Experts were able to log into Inspiron, Lenovo ThinkPad and Microsoft Surface Pro X laptops without being the legitimate user of the devices. The goal of the research was to evaluate the security of the three main embedded fingerprint sensors from ELAN, Synaptics, and Goodix used in Windows Hello fingerprint authentication. Tested on Microsoft Surface Pro

This is why there are security vulnerabilities in fingerprint login on Windows devices

Nearly 90 percent of Windows users log in to their devices using their fingerprint.

Photo: Getty Images/CHIP

All three fingerprint sensors tested were match-on-chip (MoC) sensors with their own microprocessor and memory. This allows fingerprint matching to be performed securely within the chip.

While the sensors prevent stored fingerprint data from being transmitted to the host for matching, they do not prevent a malicious sensor from imitating a legitimate sensor’s communication with the host. This may falsely indicate successful user authentication or reflect previously observed host sensor traffic.

The researchers were able to access all the laptops despite the security protocol

To combat attacks that exploit these vulnerabilities, Microsoft developed the Secure Device Communication Protocol (SDCP). The protocol aims to ensure that the fingerprint device is reliable and intact, and that the input between the fingerprint device and the host on the target devices is protected.

However, security researchers were able to bypass Windows Hello authentication using Man-in-the-Middle (MiTM) attacks on all three laptops. For this test, they used a special Raspberry Pi 4 device running Linux. They used reverse engineering of software and hardware throughout the process. Researchers discovered flaws in the implementation of encryption in the fingerprint sensor’s TLS protocol and decrypted and re-implemented the proprietary protocols.

On Dell and Lenovo laptops, authentication was bypassed by enumerating valid IDs and recording the attacker’s fingerprint with the legitimate Windows user ID (the sensor used a custom TLS stack instead of SDCP to secure USB connections). For a Surface device whose ELAN fingerprint sensor does not have SDCP protection and plain text USB connectivity and authentication, they spoofed the fingerprint sensor after disconnecting the Type Cover with the sensor and sent valid login responses from the spoofed device.

In most cases, SDCP is not activated – the problem lies with the device manufacturer

“Microsoft has done a good job developing SDCP to create a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to be misunderstanding some of the goals,” the researchers say. “Furthermore, SDCP only covers a very narrow range of typical device operation, while most devices present a large attack surface that SDCP does not cover at all.”

After discovering that Secure Device Communication Protocol (SDCP) was not even enabled on two out of three of the laptops that were attacked, security researchers at Blackwing Intelligence are recommending that biometric authentication solution providers ensure SDCP is enabled as well. Therefore, if the protocol is not running, it will not be able to help prevent attacks.

Other readers are also interested: