Researchers Undermine ‘Windows Hello’ on Lenovo, Dell, Surface Pro PCs

November 22, 2023 at 02:30PM

Researchers, with support from Microsoft, have found ways to compromise three common fingerprint readers used in PCs. They bypassed the biometric sign-in of Dell, Lenovo, and Microsoft laptops by attacking the communication between the sensors and the host devices rather than the sensors' matching itself. The researchers believe the manufacturers have since patched their chips, though this has not been confirmed. The study suggests that similar vulnerabilities may exist in other devices. Even so, the lead researcher believes that biometrics can enhance security when used appropriately.

According to the researchers' report, Blackwing Intelligence, with support from Microsoft, was able to compromise the biometric security of three popular fingerprint readers used in PCs. The laptops tested were a Dell Inspiron 15, a Lenovo ThinkPad T14, and the Microsoft Surface Pro 8/X. The researchers found ways to exploit the fingerprint sensors these devices use for Microsoft's "Windows Hello" sign-in service.

It is important to note that these attacks required fingerprint authentication to be enabled on the device and the attacker to have physical access to it. The sensors' fingerprint matching itself was not broken; the researchers instead took advantage of the communication between the sensors and the host devices.

Jesse D'Aguanno, CEO and director of research at Blackwing Intelligence, said that the manufacturers (Goodix, Synaptics, and Elan) have likely patched their chips, although this could not be confirmed at the time.

Windows Hello typically requires fingerprint readers to be "match-on-chip" (MoC) rather than "match-on-host" (MoH). A MoC reader has its own microprocessor and storage, so the fingerprint templates and the matching itself stay on the sensor and cannot be extracted or tampered with even if the host computer is compromised. However, MoC on its own does not prevent a malicious device from impersonating the legitimate sensor: if the host simply trusts whatever "match succeeded" message arrives over the bus, a spoofed sensor can send one.

To address this, Microsoft developed the Secure Device Connection Protocol (SDCP), which authenticates the sensor to the host and protects the channel between them. However, two of the three readers tested did not have SDCP enabled by default, and the third reader's protection could still be circumvented.

Because of these gaps, the researchers were able to use a USB device impersonating the Elan sensor, exploiting the absence of SDCP and the sensor's transmission of security IDs in cleartext. For Synaptics readers, they also found weaknesses in the SDCP protection, and for Goodix readers on computers with both Windows and Linux installed, they circumvented SDCP by taking advantage of Linux's lack of SDCP support.
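To make the MoC/SDCP distinction from the two preceding paragraphs and the Elan spoofing above concrete, here is an added simulation (example code written for this page, not Blackwing's tooling or Microsoft's SDCP implementation). It models a host that trusts any match report from the USB bus beside a host that only accepts a report bound to a fresh nonce and MACed with a key shared with the paired sensor. The key derivation, template IDs and message layout are simplified assumptions; real SDCP derives its keys from an ECDH exchange against a device certificate, which is abstracted away here as a pre-shared pairing secret.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample data (not from any real sensor): the legitimate user's
# enrolled template ID and a stand-in for SDCP's ECDH-derived master secret.
ENROLLED_ID = 7
PAIRING_SECRET = os.urandom(32)


@dataclass
class MatchReport:
    """What the sensor sends the host after matching a finger on-chip."""
    template_id: int
    nonce: bytes = b""
    tag: bytes = b""


def _auth_key(secret: bytes) -> bytes:
    # Hypothetical derivation; the label and hash choice are this example's own.
    return hashlib.sha256(b"example-sdcp-authorize|" + secret).digest()


def _mac(key: bytes, nonce: bytes, template_id: int) -> bytes:
    # Binds the match result to the host's challenge so it cannot be replayed.
    return hmac.new(key, nonce + template_id.to_bytes(4, "big"), hashlib.sha256).digest()


class NaiveHost:
    """Host without SDCP: trusts any match report that arrives over USB."""
    def __init__(self, enrolled_ids):
        self.enrolled = set(enrolled_ids)

    def authorize(self, report: MatchReport) -> bool:
        return report.template_id in self.enrolled


class GenuineSensor:
    """Match-on-chip sensor that authenticates each result with an SDCP-style MAC."""
    def __init__(self, secret: bytes, enrolled_ids):
        self.key = _auth_key(secret)
        self.enrolled = set(enrolled_ids)

    def match(self, nonce: bytes, finger_template_id: int):
        # Matching happens on-chip; the finger is modelled by the template it matches.
        if finger_template_id not in self.enrolled:
            return None
        return MatchReport(finger_template_id, nonce, _mac(self.key, nonce, finger_template_id))


class RogueUsbDevice:
    """Attacker hardware impersonating the sensor: it sniffed the enrolled ID
    (sent in cleartext on the Elan bus) but does not hold the paired key."""
    def __init__(self, claimed_id: int):
        self.claimed_id = claimed_id
        self.bogus_key = os.urandom(32)

    def report(self, nonce: bytes = b"") -> MatchReport:
        return MatchReport(self.claimed_id, nonce, _mac(self.bogus_key, nonce, self.claimed_id))


class SdcpLikeHost:
    """Host that accepts a report only if it carries the host's single-use nonce
    and a MAC computed with the key shared during pairing."""
    def __init__(self, secret: bytes, enrolled_ids):
        self.key = _auth_key(secret)
        self.enrolled = set(enrolled_ids)
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = os.urandom(32)
        return self._pending

    def authorize(self, report: MatchReport) -> bool:
        nonce, self._pending = self._pending, None          # nonce is consumed once
        if nonce is None or report.nonce != nonce:
            return False                                     # replay, or no challenge issued
        if not hmac.compare_digest(_mac(self.key, nonce, report.template_id), report.tag):
            return False                                     # forged or tampered report
        return report.template_id in self.enrolled


def naive_host_accepts_spoof() -> bool:
    return NaiveHost([ENROLLED_ID]).authorize(RogueUsbDevice(ENROLLED_ID).report())


def sdcp_rejects_spoof() -> bool:
    host = SdcpLikeHost(PAIRING_SECRET, [ENROLLED_ID])
    nonce = host.challenge()
    return not host.authorize(RogueUsbDevice(ENROLLED_ID).report(nonce))


def sdcp_rejects_replay() -> bool:
    sensor = GenuineSensor(PAIRING_SECRET, [ENROLLED_ID])
    host = SdcpLikeHost(PAIRING_SECRET, [ENROLLED_ID])
    captured = sensor.match(host.challenge(), ENROLLED_ID)  # genuine report, sniffed once
    first_login_ok = host.authorize(captured)
    host.challenge()                                         # next login issues a new nonce
    return first_login_ok and not host.authorize(captured)


def sdcp_accepts_genuine() -> bool:
    sensor = GenuineSensor(PAIRING_SECRET, [ENROLLED_ID])
    host = SdcpLikeHost(PAIRING_SECRET, [ENROLLED_ID])
    return host.authorize(sensor.match(host.challenge(), ENROLLED_ID))


if __name__ == "__main__":
    print("naive host fooled by rogue USB device:", naive_host_accepts_spoof())
    print("SDCP-style host rejects rogue device:  ", sdcp_rejects_spoof())
    print("SDCP-style host rejects replayed report:", sdcp_rejects_replay())
    print("SDCP-style host accepts genuine sensor: ", sdcp_accepts_genuine())
```

The naive host is fooled because the match result it acts on is just a template ID on the wire; MoC keeps the templates private but says nothing about who sent that ID. The SDCP-style host fails closed on a missing or stale nonce and on a bad MAC, which is the property the Elan attack exploited the absence of, and the property that is lost when a driver stack (the Linux path in the Goodix case) never establishes the protocol at all.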

The study was limited to three laptops and three fingerprint reader models, so similar vulnerabilities may well exist in other chips and in the computers around the world that rely on them. D'Aguanno nonetheless believes that biometrics, when used appropriately, can enhance security by allowing users to choose stronger passwords and generate more secure encryption keys.

Overall, the report highlights the vulnerabilities the researchers discovered in certain fingerprint readers used for Windows Hello, the techniques used to exploit them, and the potential implications for other devices.
