Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops

Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.

Blackwing Intelligence security researchers discovered vulnerabilities during research sponsored by Microsoft’s Offensive Research and Security Engineering (MORSE) to assess the security of the top three embedded fingerprint sensors used for Windows Hello fingerprint authentication.


Blackwing’s Jesse D’Aguanno and Timo Teräs targeted embedded fingerprint sensors made by ELAN, Synaptics, and Goodix on Microsoft Surface Pro X, Lenovo ThinkPad T14, and Dell Inspiron 15.

All tested fingerprint sensors were Match-on-Chip (MoC) sensors with their own microprocessor and storage, allowing fingerprint matching to be performed securely within the chip.

However, while MoC sensors prevent the replay of stored fingerprint data to the host for matching, they do not inherently stop a malicious sensor from mimicking a legitimate sensor’s communication with the host. This could falsely indicate successful user authentication or replay previously observed traffic between the host and sensor.

To counteract attacks that would exploit these weaknesses, Microsoft developed the Secure Device Connection Protocol (SDCP), which should’ve ensured that the fingerprint device was trusted and healthy and that the input between the fingerprint device and the host was protected on the targeted devices.

Despite this, the security researchers successfully bypassed Windows Hello authentication using man-in-the-middle (MiTM) attacks on all three laptops, leveraging a custom Linux-powered Raspberry Pi 4 device.

Throughout the process, they used software and hardware reverse-engineering, broke cryptographic implementation flaws in Synaptics sensor’s custom TLS protocol, and decoded and re-implemented proprietary protocols.

On Dell and Lenovo laptops, authentication bypass was achieved by enumerating valid IDs and enrolling the attacker’s fingerprint using the ID of a legitimate Windows user (the Synaptics sensor used a custom TLS stack instead of SDCP to secure USB communication).

For the Surface device, whose ELAN fingerprint sensor had no SDCP protection, used cleartext USB communication, and had no authentication, they spoofed the fingerprint sensor after disconnecting the Type Cover containing the sensor and sent valid login responses from the spoofed device.

“Microsoft did a good job designing SDCP to provide a secure channel between the host and biometric devices, but unfortunately device manufacturers seem to misunderstand some of the objectives,” the researchers said.

“Additionally, SDCP only covers a very narrow scope of a typical device’s operation, while most devices have a sizable attack surface exposed that is not covered by SDCP at all.”

After finding that Secure Device Connection Protocol (SDCP) wasn’t even enabled on two out of three of the targeted laptops, Blackwing Intelligence recommends that vendors manufacturing biometric authentication solutions ensure SDCP is enabled, as it will not help thwart attacks if it’s not toggled on.

Microsoft said three years ago that the number of users signing into their Windows 10 devices using Windows Hello instead of using a password grew to 84.7 percent from 69.4 percent in 2019.

Previous post Watch ‘Ultimate Spider-Man’ trailer, see interior art, and more here • AIPT
Next post Black Friday Shoppers to Top 130 Million in 2023
سكس نيك فاجر boksage.com مشاهدة سكس نيك
shinkokyu no grimoire hentairips.com all the way through hentai
xxxxanimal freshxxxtube.mobi virus free porn site
xnxx with dog onlyindianpornx.com sexy baliye
小野瀬ミウ javdatabase.net 秘本 蜜のあふれ 或る貴婦人のめざめ 松下紗栄子
سكس كلاب مع نساء hailser.com عايز سكس
hidden cam sex vedios aloha-porn.com mom and son viedo hd
hetai website real-hentai.org elizabeth joestar hentai
nayanthara x videos pornscan.mobi pron indian
kowalsky pages.com tastymovie.mobi hindi sx story
hairy nude indian popcornporn.net free sex
تحميل افلام سكس مترجم عربى pornostreifen.com سكس مقاطع
كس اخته pornozonk.com نسوان جميلة
xxnx free porn orgypornvids.com nakad
medaka kurokami hentai hentaipod.net tira hentai