A security group contracted by Microsoft has successfully bypassed the Windows Hello fingerprint authentication of several laptops, including Microsoft's own hardware. Blackwell Intelligence, the team responsible for the breakthrough, presented their research at the Microsoft BlueHat security conference in October and recently detailed their methodology on their website. Their investigation targeted the “match on chip” fingerprint sensors of devices from industry leaders such as Dell, Lenovo, and Microsoft's Surface Pro.
Technical Infiltration Explained
The exploited sensors, produced by technology manufacturers Goodix, Synaptics, and ELAN, process and store fingerprint data on the sensor chip itself. The inherent design is intended to enhance security by restricting the biometric data within the chip, thus avoiding potential external compromises. Blackwell Intelligence leveraged reverse engineering to identify weaknesses in the sensors' operation. The team then crafted a USB device capable of performing a man-in-the-middle (MitM) attack, effectively allowing them to impersonate authorized user access.
The “match on chip” system that the targeted sensors use operates by retaining a database of fingerprint templates directly on the chip. This offers an added layer of security as the templates are authenticated at the hardware level, not on the host computer, where data could be more easily extracted by malicious parties. Despite this architecture, Blackwell's work exhibited that determined attackers can still intercept and manipulate the biometric verification process.
Recommendations and Effects
The researchers noted in their blog that two out of the three tested sensors did not have the Secure Device Connection Protocol (SDCP)—meant to establish a secure channel between the computer and fingerprint devices—activated. The group has urged sensor producers to enable SDCP and to undergo independent verification to ensure the protocol's effectiveness.
It took Blackwell approximately three months to breach these security measures, demonstrating both the complexity of the task and the potential for devices to be compromised when sufficient resources and expertise are applied. Their findings lead to a call for reinforced security efforts. With the research now public, the onus falls on Microsoft and sensor manufacturers to address the vulnerabilities disclosed by Blackwell Intelligence to fortify the security of biometric authentication systems.
