Security researchers have discovered vulnerabilities in Windows Hello’s fingerprint authentication system, exposing flaws in the top three fingerprint sensors integrated into laptops.
Microsoft’s Offensive Research and Security Engineering (MORSE) engaged Blackwing Intelligence to assess the security of fingerprint sensors by ELAN, Synaptics, and Goodix, embedded in a Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X respectively.
Blackwing’s extensive evaluation revealed cryptographic flaws in a custom TLS and identified vulnerabilities in proprietary protocols through thorough reverse engineering of software and hardware. Despite employing Match-on-Chip (MoC) technology for enhanced security, the researchers were able to bypass authentication on all three laptops using man-in-the-middle attacks conducted with a Raspberry Pi 4.
While Microsoft designed the Secure Device Connection Protocol (SDCP) to fortify the authentication process, the researchers found shortcomings in its implementation. Notably, SDCP, intended to prevent unauthorized use of user keys when the user is absent, wasn’t enabled on two of the three targeted devices.