There is a way to bypass Windows Hello authentication, Microsoft's solution for accessing Windows through biometric authentication, thanks to a recent vulnerability that affects fingerprint readers on laptops from Dell, Lenovo, and even Microsoft itself.
According to reports, Blackwing Intelligence, a security research company, was asked by Microsoft Offensive Research and Security Engineering (MORSE) to check the security of fingerprint sensors. They did so on three specific laptops: Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro Type Cover with fingerprint identification (for Surface Pro 8/X), which have fingerprint scanners from manufacturers such as Goodix, Synaptics and ELAN.
After some research, the team realized they could circumvent Windows Hello on all three devices by performing a man-in-the-middle (MitM) attack, a technique that allows the communication between two devices connected to the network to be intercepted. With the attack, the researchers managed to access the computer without having to go through Windows Hello, provided that any of the laptop's current users had already used the fingerprint reader on the device.
The problem is not actually Windows.
The team of researchers, we reiterate, was able to bypass access using fingerprints and Windows Hello. This, however, is not a Microsoft problem as such. The company, in fact, offers the Secure Device Connection Protocol (SDCP), which protects the communication between the host and biometric devices. Manufacturers, however, do not activate this protocol by default. Even so, the researchers state that “most devices have an exposed attack surface that is not covered by SDCP at all.”
Microsoft has done a good job of designing the SDCP to provide a secure channel between the host and biometric devices. But unfortunately, device manufacturers seem to misunderstand some of the goals. Furthermore, SDCP only covers a very limited scope of a typical device’s operation, while most devices have a considerable exposed attack surface that is not covered by SDCP at all.
Manufacturers, therefore, must activate the SDCP protocol on their devices to avoid future attacks that allow the fingerprint reader to be bypassed.