The use of biometric authentication, such as fingerprint sensors, has become increasingly popular in recent years as a more convenient and secure way to access devices and accounts. Windows Hello, introduced by Microsoft in 2015, allows users to log into their devices using facial recognition, fingerprint scanning, or a PIN code.
However, as with any technology, there are always potential vulnerabilities that can be exploited by malicious actors. In this case, the researchers were able to bypass the fingerprint sensors on the three tested laptops, highlighting the need for continued research and improvement in biometric authentication technology.
The research was a joint effort between Blackwing Intelligence and Microsoft’s Offensive Research and Security Engineering (MORSE) team. Blackwing Intelligence is a security engineering and research services provider that specializes in identifying and mitigating vulnerabilities in various technologies. MORSE, on the other hand, is a team within Microsoft that focuses on offensive security research and developing tools and techniques to improve the security of Microsoft products and services.
The three laptops targeted in the research were the Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X. These devices were chosen due to their popularity and the fact that they all use different fingerprint sensors – Goodix, Synaptics, and ELAN, respectively.
The researchers used a combination of software and hardware attacks to target both the embedded fingerprint sensors and the host devices. All three sensors are Match-on-Chip, meaning that the fingerprint data is stored and processed on the sensor itself, rather than being sent to the host device. This adds an extra layer of security, as the chip itself needs to be attacked in order to bypass authentication.
The attack methods used by the researchers required physical access to the targeted device. This means that the attacker would need to either steal the device or use the “evil maid” method, where an attacker gains access to the device while it is unattended, such as in a hotel room.
In the case of the Dell and Lenovo laptops, the researchers were able to bypass Windows Hello fingerprint authentication by enumerating valid IDs associated with user fingerprints and enrolling the attacker’s fingerprint by spoofing a legitimate user’s ID. This essentially tricks the sensor into thinking that the attacker’s fingerprint is a valid one, allowing them to bypass authentication and gain access to the device.
For the Microsoft Surface Pro X, the attack method was slightly different. The attacker would need to unplug the Type Cover, which includes the fingerprint sensor, and connect a USB