Researchers from Blackwing Intelligence have discovered multiple vulnerabilities in the fingerprint sensors of Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. These flaws, affecting fingerprint sensors from Goodix, Synaptics, and ELAN, could potentially be exploited to bypass Windows Hello authentication. The fingerprint sensors are of the "match on chip" (MoC) type, which integrates biometric functions directly into the sensor's integrated circuit. The vulnerabilities were found to impact the Secure Device Connection Protocol (SDCP) created by Microsoft to secure communication between the host and biometric devices.
Vulnerability Details:
ELAN Sensor:
Vulnerability: Lack of SDCP support and cleartext transmission of security identifiers (SIDs).
Exploitation: Any USB device can masquerade as the fingerprint sensor and falsely claim that an authorized user is logging in.
Synaptics Sensor:
Vulnerability: SDCP is disabled by default, and the sensor relies on a flawed custom TLS stack instead.
Exploitation: Attackers can bypass biometric authentication by exploiting the flawed custom TLS stack.
Goodix Sensor:
Vulnerability: Fundamental difference in enrollment operations between Windows and Linux.
Exploitation: The attack involves booting into Linux, enrolling the attacker's fingerprint, and exploiting the cleartext USB communication through a man-in-the-middle (MitM) attack.
Mitigation:
To mitigate these vulnerabilities, original equipment manufacturers (OEMs) are advised to enable SDCP and conduct thorough audits of fingerprint sensor implementations by independent experts. The findings highlight the need for manufacturers to better understand and implement security features to safeguard biometric authentication.
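Why an authenticated host-to-sensor channel matters for the ELAN-style case above, shown as an added example that is not code from the Blackwing research or from Microsoft's SDCP specification: a host that trusts a cleartext SID accepts any claim, while a host that requires a MAC bound to a fresh nonce rejects spoofed and replayed results. The message layout, the shared session key, and all function and class names are assumptions for illustration, not SDCP's actual wire format.

```python
import hashlib
import hmac
import secrets

def weak_host_accepts(msg: dict) -> bool:
    """Unauthenticated model: trusts whatever SID arrives in cleartext."""
    return msg.get("matched") is True and bool(msg.get("sid"))

def sensor_report(key: bytes, nonce: bytes, sid: str) -> dict:
    """Model sensor: MAC over the host's 16-byte nonce and the matched SID."""
    tag = hmac.new(key, nonce + sid.encode(), hashlib.sha256).digest()
    return {"matched": True, "sid": sid, "nonce": nonce, "tag": tag}

class AuthenticatedHost:
    """Model host: accepts a match only if it is authenticated and fresh."""
    def __init__(self, key: bytes):
        self.key = key          # assumed to come from a prior key exchange
        self.pending = set()    # nonces issued and not yet used

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accepts(self, msg: dict) -> bool:
        nonce, tag, sid = msg.get("nonce"), msg.get("tag"), msg.get("sid")
        if not (isinstance(nonce, bytes) and isinstance(tag, bytes)
                and isinstance(sid, str)):
            return False        # bare cleartext claim, nothing to verify
        if nonce not in self.pending:
            return False        # unknown or already-used nonce: replay
        expected = hmac.new(self.key, nonce + sid.encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False        # wrong key or tampered SID
        self.pending.discard(nonce)  # single use
        return msg.get("matched") is True

def demo() -> dict:
    key = secrets.token_bytes(32)                           # constructed key
    sid = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID
    host = AuthenticatedHost(key)
    spoofed = {"matched": True, "sid": sid}  # claim from an unverified device
    genuine = sensor_report(key, host.challenge(), sid)
    return {
        "weak_accepts_spoof": weak_host_accepts(spoofed),
        "auth_rejects_spoof": not host.accepts(spoofed),
        "auth_accepts_genuine": host.accepts(genuine),
        "auth_rejects_replay": not host.accepts(genuine),
    }
```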
Previous Windows Hello Vulnerabilities:
This is not the first instance of vulnerabilities impacting Windows Hello. In July 2021, Microsoft addressed a medium-severity security flaw (CVE-2021-34466) that could allow attackers to spoof a target's face and bypass the login screen. The continuous discovery of such vulnerabilities emphasizes the importance of ongoing security assessments and improvements in biometric authentication systems.
Conclusion:
The identified vulnerabilities pose a potential risk to Windows Hello authentication on various laptops, and their exploitation could lead to unauthorized access. Manufacturers and security teams must work collaboratively to address and patch these vulnerabilities, reinforcing the security posture of biometric authentication systems. Additionally, users are encouraged to stay informed about security updates and best practices to enhance the overall security of their systems.
