Windows 10: Security researchers bypass Windows Hello fingerprint authentication

Discussion in 'Windows 10 News' started by GHacks, Nov 22, 2023.

  1. GHacks
    GHacks New Member

    Security researchers bypass Windows Hello fingerprint authentication


    Security researchers at Blackwing Intelligence managed to bypass Windows Hello fingerprint authentication on devices with the three most used fingerprint sensors on Windows.

    The researchers were asked by Microsoft's Offensive Research and Security Engineering to evaluate different fingerprinting sensors that could be used to authenticate using Windows Hello.

    The three target laptops were the Dell Inspiron 15, the Lenovo ThinkPad T14 and the Microsoft Surface Pro Type Cover with Fingerprint ID.

    The report begins with the fundamentals. The researchers explain how current generation fingerprint sensors work. All fingerprint sensors were MoC sensors, which means Match on Chip. The sensors use integrated microprocessors to perform the verification of authentication requests. Windows Hello requires fingerprint sensors to support MoC.

    Two potential attack vectors against MoCs are the spoofing of communication and the replaying of previously recorded traffic that authenticates requests.

    Microsoft was aware of these shortcomings when it created Windows Hello and created the Secure Device Connection Protocol (SDCP) to overcome these. Basically, what this does is make sure that the fingerprint device is trusted and untampered, and protect the communication between the fingerprint device and the host system.

    Details on each of the attacks are provided afterwards. The first target was the Dell Inspiron 15 laptop. The used sensor, by Goodix, supports Windows Hello, SDCP and is also supported on Linux.

    The Linux version provided the researchers with clues on the implementation and the bypass. On Windows, the SDCP spec enrolment process is followed. This is not the case on Linux, however. The main difference is that on Windows, an ID is generated as a "MAC operation on the host and validated on the sensor". This prevents the use of arbitrary IDs. On Linux, the host driver generates the ID and sends it to the sensor for storage.

    The researchers discovered, after some trial and error, that it is possible to use the Linux template database (and thus ID) for authentication. It required a man-in-the-middle attack to rewrite config packets, but it got them into the device in the end.

    The second device, the Lenovo ThinkPad T14, required a different approach. The researchers discovered that SDCP was disabled on the chip, even though it was supported. The Synaptics sensor used a custom TLS stack for secure communication between host and sensor.

    With that figured out, the plan to attack TLS directly was formed. They could negotiate with TLS already and read client certificate and key data. The data is encrypted and after some digging, the researchers found out that the encryption key is derived from the machine's product name and serial number.

    With that figured out, engineers created an attack that allowed them to read and decrypt the encrypted data, negotiate a TLS session with the sensor, enumerate valid fingerprint template IDs, and spoof the valid IDs to boot into Windows using the fake fingerprint.

    The final device, the Microsoft Surface Pro, used a chip by ELAN. The researchers were surprised to find out that it did not use SDCP, used cleartext USB communication and no authentication. This sensor was the easiest to bypass because of the lack of security.

    Closing Words

    All three fingerprint sensors were bypassed in the test to allow attackers to sign-in as any user on the system. Most Windows users may want to avoid using fingerprint authentication on Windows laptops for the time being until these issues are sorted out.

    Now You: how do you sign-in to Windows?

    Thank you for being a Ghacks reader. The post Security researchers bypass Windows Hello fingerprint authentication appeared first on gHacks Technology News.

     
    GHacks, Nov 22, 2023
    #1
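The enrollment-ID check described in the article above, as an added example (not code from the Blackwing report, the SDCP specification, or any sensor firmware): a simplified Python model of a sensor that either validates a host-computed MAC over its own nonce or stores whatever ID the host sends. HMAC-SHA256, the `enroll` label, the key handling and all class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

LABEL = b"enroll"  # assumed domain-separation label for this model


class Sensor:
    """Toy match-on-chip sensor: stores templates keyed by enrollment ID."""

    def __init__(self, session_key: bytes, validate_ids: bool):
        self._key = session_key
        self._validate = validate_ids
        self._nonce = None
        self.templates = {}

    def enroll_begin(self) -> bytes:
        self._nonce = os.urandom(32)  # fresh per enrollment, so old IDs cannot be reused
        return self._nonce

    def enroll_commit(self, template_id: bytes, template: str) -> bool:
        nonce, self._nonce = self._nonce, None  # each nonce is single use
        if self._validate:
            if nonce is None:
                return False  # commit without a preceding enroll_begin
            expected = hmac.new(self._key, LABEL + nonce, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, template_id):
                return False  # ID was not derived from the shared key and nonce
        self.templates[template_id] = template
        return True


def host_enroll(sensor: Sensor, session_key: bytes, template: str) -> bool:
    """Host side: derive the ID as a MAC over the sensor's nonce, then commit."""
    nonce = sensor.enroll_begin()
    template_id = hmac.new(session_key, LABEL + nonce, hashlib.sha256).digest()
    return sensor.enroll_commit(template_id, template)


def demo():
    key = os.urandom(32)  # constructed stand-in for the host/sensor shared secret
    strict, lax = Sensor(key, True), Sensor(key, False)
    chosen_id = b"\x01" * 32  # constructed ID picked without knowledge of the key
    legit = host_enroll(strict, key, "template-A")
    strict.enroll_begin()
    rejected = strict.enroll_commit(chosen_id, "template-B")
    accepted = lax.enroll_commit(chosen_id, "template-B")  # host-chosen ID stored as-is
    return legit, rejected, accepted


if __name__ == "__main__":
    print(demo())
```

The validating sensor accepts only an ID bound to its own nonce and the shared key, while the non-validating one stores any ID it is handed, which is the difference between the two enrollment paths the article describes.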
  2. Jan~SL Win User

    Logon intermittently bypasses Windows Hello Fingerprint

    Hello Mosken,

    When I didn't hear back from you I went ahead and re-set my Windows Hello Fingerprint. Three logons (with shutdowns in between) worked perfectly yesterday. But the first logon for today it was back to its old intermittent self to bypass Windows Hello and go straight to the desktop, with no security.

    So, just like all the other 'fixes' I've tried over the past 2+ weeks, your four steps can be added to the list of all the things that don't work for this Windows Hello intermittent bypass and proceed straight to Windows Desktop issue.

    Any other suggestions?

    Thanks,

    Jan
     
    Jan~SL, Nov 22, 2023
    #2
  3. Nikhar_K Win User
    Windows Hello Fingerprint issue

    Hi Rajesh,



    Thank you for writing to Microsoft Community Forums.



    We understand that you are unable to use Windows Hello Fingerprint to sign in to Windows. It would be great if you can reply with the details requested below:



    • When you say, “I am not getting the option to log-in into windows using fingerprint.” What login options do you see on the login screen?
    • What happens when you try to use the Windows Hello Fingerprint scanner to login to Windows?
    • Were you able to use the Windows Hello Fingerprint to login to Windows earlier?


    Ideally, on the login screen, you will see Sign-in options that allow you to use different sign-in methods to login to Windows.



    As you have mentioned that you are able to use the Fingerprint scanner on websites, I would suggest you refer to the steps mentioned below and see if that helps:



    1. On the login screen, click on Sign-in options.
    2. Click on the Fingerprint icon, scan the Fingerprint, and see if you are able to sign in.


    Refer to the screenshot below:








    If the issue persists, try removing the Fingerprint and add it again. Refer to the steps mentioned below:



    1. Press Windows key + I, to open Settings.
    2. Click on Accounts and click on Sign-in options on the left pane.
    3. Now, click on Windows Hello Fingerprint and click on Remove.
    4. Follow the on-screen instructions to remove the Fingerprint.
    5. Once done, click on Set up and follow the on-screen instructions to add the Fingerprint.


    Let us know how it goes.



    Regards,

    Nikhar Khare

    Microsoft Community - Moderator
     
    Nikhar_K, Nov 22, 2023
    #3
  4. Jan SL Win User


    Logon intermittently bypasses Windows Hello Fingerprint

    Hello,

    I have an issue with Windows Hello on my 2 week old LG Gram laptop running Windows 11 that I have yet to find anyone else having, and thus I've been unable to find a 'fix' that works.

    After I set up Windows Hello Fingerprint, when setting up the new laptop, it worked perfect for the first couple of days. Then for some unknown reason, it decided to bypass the Windows Hello Fingerprint.

    In the past two weeks, at each new logon sometimes it works perfect, and sometimes it bypasses the Fingerprint and says I need to put in the PIN instead. But the real issue I'm having is that sometimes it COMPLETELY bypasses Windows Hello altogether and goes straight to the Windows Desktop...no fingerprint, no PIN, just a straight logon.

    I have tried every solution given for those that have had their Windows Hello stop working. None of those solutions work. Mainly because my Windows Hello does work. Just not all the time. It can work perfect for several logons, then suddenly not at all. Shut down, start back up (even Restart) and it can work fine again. For a few more logons, that is, until it decides to bypass Windows Hello again and go straight to the desktop.

    What I'm hoping is that someone will read this that had the same intermittent problem with Windows Hello bypassing biometrics or PIN and going straight to the desktop and tell me what they did to fix it. Again all the fixes for those where it no longer works completely (driver, Microsoft Account, Remove Windows Hello and add back, etc, etc, etc) aren't a solution in this case of Windows Hello that works intermittently.

    My sanity is almost blown with this issue...I hope someone can save me. Thank you in advance.
     
    Jan SL, Nov 22, 2023
    #4