November 25, 2023

In recent research findings, multiple vulnerabilities have been identified that could potentially allow attackers to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. Researchers from Blackwing Intelligence, a group specializing in hardware and software product security and offensive research, discovered these issues. The flaws affect fingerprint sensors manufactured by Goodix, Synaptics, and ELAN, integrated into the aforementioned devices.
The identified fingerprint sensors fall under the category of "match on chip" (MoC), which means that matching and other biometric functions are directly integrated into the sensor's integrated circuit. While MoC protects against the replay of stored fingerprint data, it does not protect against a malicious sensor falsely claiming that an authorized user has successfully authenticated. More importantly, the MoC does not prevent the replay of previously recorded communication between the host and sensor.
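
The two gaps described above (a device that merely claims a match, and a replayed host-sensor exchange) can be seen by comparing a host that trusts the device's claim with one that demands a MAC over a fresh nonce. This is an added example, not code from the researchers, Microsoft, or any vendor; it is a simplified model rather than a real protocol, and the shared session key, message fields, and function names are assumptions.

```python
import hashlib
import hmac
import secrets

def tag(key: bytes, nonce: bytes, user: str) -> bytes:
    """MAC binding the match result to one host challenge."""
    return hmac.new(key, nonce + user.encode(), hashlib.sha256).digest()

def sensor_respond(key: bytes, nonce: bytes, user: str) -> dict:
    """Hypothetical sensor reply after an on-chip match for `user`."""
    return {"user": user, "match": True, "nonce": nonce, "mac": tag(key, nonce, user)}

def naive_accept(resp: dict) -> bool:
    """Weak host check: trusts whatever the device claims."""
    return resp.get("match") is True

class Host:
    """Hardened host check: fresh single-use nonce plus MAC verification."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def accept(self, resp: dict) -> bool:
        nonce, self.pending = self.pending, None  # a nonce is valid once
        if nonce is None or resp.get("nonce") != nonce:
            return False  # stale or replayed exchange
        expected = tag(self.key, nonce, resp.get("user", ""))
        return resp.get("match") is True and hmac.compare_digest(expected, resp.get("mac", b""))

def run_demo() -> dict:
    key = secrets.token_bytes(32)           # constructed session key (assumed shared)
    host = Host(key)
    genuine = sensor_respond(key, host.challenge(), "alice")
    out = {"genuine": host.accept(genuine)}
    host.challenge()                        # a new login attempt starts
    out["replayed"] = host.accept(genuine)  # recorded reply from the old session
    n = host.challenge()
    claim = {"user": "alice", "match": True, "nonce": n, "mac": b"\x00" * 32}
    out["unkeyed_claim"] = host.accept(claim)         # device that lacks the key
    out["naive_unkeyed_claim"] = naive_accept(claim)  # weak check accepts it
    return out

if __name__ == "__main__":
    print(run_demo())
```
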
Although Microsoft created the Secure Device Connection Protocol (SDCP) to address these issues, the researchers found a novel method that could potentially circumvent these protections, allowing for adversary-in-the-middle (AitM) attacks. Specifically, the ELAN sensor was found to be vulnerable due to its lack of SDCP support, which allows any USB device to impersonate the fingerprint sensor and falsely claim an authorized user login.
In the case of Synaptics, SDCP was found to be turned off by default, and a flawed custom Transport Layer Security (TLS) stack was used to protect the USB communications between the host driver and sensor, possibly enabling attackers to bypass biometric authentication.
The attack on the Goodix sensor capitalizes on a key difference in enrollment operations between Windows and Linux. Attackers can use the lack of SDCP support in Linux to carry out a variety of tasks, such as enrolling their own fingerprint as that of a legitimate Windows user and intercepting and enhancing configuration packets during sensor initialization.
To mitigate these vulnerabilities, it is recommended that original equipment manufacturers (OEMs) enable SDCP and conduct independent audits of fingerprint sensor implementations. This research is the latest in a series of successful attacks on Windows Hello biometrics-based authentication, underlining the importance of continuous development in safeguarding these systems.
The researchers acknowledged Microsoft's efforts to build SDCP but highlighted potential misconceptions by device manufacturers. They also pointed out that SDCP covers only a limited scope of a device's operation, leaving a substantial attack surface exposed to potential threats.