A research team from Blackwing Intelligence has identified vulnerabilities that could enable the bypass of Windows Hello authentication on popular laptop models, including Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X. These security flaws impact fingerprint sensors manufactured by Goodix, Synaptics, and ELAN embedded in the devices.
The vulnerabilities stem from the “match on chip” (MoC) nature of the sensors, which, while preventing replaying stored fingerprint data, fails to safeguard against malicious sensors spoofing legitimate communications, potentially leading to unauthorized access. Researchers emphasized the need for original equipment manufacturers (OEMs) to enable the Secure Device Connection Protocol (SDCP) and undergo independent audits for fingerprint sensor implementations.
The research details three distinct exploits for fingerprint sensors from Goodix, Synaptics, and ELAN. For ELAN, a lack of SDCP support and cleartext transmission of security identifiers (SIDs) allows any USB device to pose as the fingerprint sensor, falsely claiming authorized user logins.
Synaptics’ SDCP was found turned off by default, relying on a flawed custom Transport Layer Security (TLS) stack, offering a potential route for attackers to bypass biometric authentication. The Goodix sensor’s vulnerability leverages differences in enrollment operations between Windows and Linux, enabling an attacker to exploit the absence of SDCP support in Linux for fingerprint template database manipulation.
The research underlines the importance of OEMs adopting security measures like enabling SDCP and independent auditing of fingerprint sensor implementations. While Microsoft designed SDCP to provide a secure channel, the study reveals a misunderstanding of its objectives among device manufacturers, leaving a sizable attack surface exposed.
This isn’t the first instance of Windows Hello biometric authentication being compromised, emphasizing the ongoing challenges in securing biometric data on devices and the need for continuous improvement in security protocols.
