Attacking Windows Hello for Business Fingerprint Authentication

Date: 2023-12-19
Author: Versasec

BlueHat Oct 23. S02: A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication

BlueHat Oct 23. S02: A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication

Timo Teras and Jesse D’Aguanno, Blackwing intelligence, were on a secret mission hired by the Microsoft Offensive Research and Security Engineering Team. The Microsoft team chose three devices to see if it would be possible to bypass fingerprint authentication. In case of a physical device theft, would the laptop’s Windows Hello be bypassed?

Chosen devices?

  • Dell Inspiron 15: Goodix sensor
  • Lenovo ThinkPad T14: Synaptics sensor
  • Microsoft Surface  ( Pro 8 / X): sensor ELAN

The Attack

In their initial findings, the devices featured “match-on-chip” technology, ensuring that biometric data remains within the sensor without being transmitted to the host. Their focus then shifted to exploiting vulnerabilities in the chip itself.

Subsequently, they delve into the communication protocol between the chip and the sensor, known as SDCP, developed by Microsoft. This becomes the focal point for white-collar hackers as they meticulously examine its limitations, aiming to devise a method for unauthorized access using a fabricated fingerprint.

Through extensive exploration and reverse engineering of each device, they successfully execute an “MITM” attack, introducing a new fingerprint and gaining unauthorized authentication into the devices. A demonstration of the first compromised device can be observed at the 30-minute mark in the video above.

attacking windows hello for business

A Focus on Strong Authentication

In conclusion, the Windows Hello fingerprint authentication results from the Blue Hat conference serve as a reminder that cybersecurity is an evolving terrain. Specifically, these developments underscore the need to adopt robust multi-factor authentication methods. More importantly, to authenticate to a Windows system, you need more than a fingerprint to achieve a reasonable security level. 

In this regard, Versased designed vSEC:CMS to manage a wide range of hardware credentials efficiently, considered the strongest factors available today, based on public key cryptography and FIDO

At Versasec, we dedicate our services to managing these technologies. Through many years of experience, we understand organizations can often feel overwhelmed by properly managing, integrating, and automating credential management processes. Therefore, wе strivе to hеlp businеssеs dеvеlop appropriatе sеcurity posturеs in thеsе arеas that also addrеss and providе solutions to thеsе challеngеs. As a result, we help еnsure thеir crеdеntials and digital assеts arе protеctеd with thе most еffеctivе and to datе stratеgiеs.

vSEC:CMS

Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Start here

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.

Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

Share this article