While Windows laptop users like to think they have their own version of Touch ID, it appears not to offer the same level of security. The Windows Hello fingerprint authentication system on the top three laptops to use it has been put to the test by security researchers – and all three failed.
To be fair, the team was carrying out the penetration tests at the request of Microsoft – but it was a Microsoft Surface product that turned out to be easiest to bypass …
Microsoft asked cybersecurity company Blackwing Intelligence to carry out the tests.
Microsoft’s Offensive Research and Security Engineering (MORSE) asked us to evaluate the security of the top three fingerprint sensors embedded in laptops and used for Windows Hello fingerprint authentication. Our research revealed multiple vulnerabilities that our team successfully exploited, allowing us to completely bypass Windows Hello authentication on all three laptops.
Different approaches had to be taken for each of the three:
- Dell Inspiron 15
- Lenovo ThinkPad T14
- Microsoft Surface Pro Type Cover with Fingerprint ID (for Surface Pro 8 / X)
When you read the team’s description of the security protocols used (or not used, as we’ll see …), it certainly sounds like a formidable challenge. But the team found ways around them.
Dell Inspiron 15
When you boot the machine into Windows, it follows the full security protocols, which includes something known as the Secure Device Connection Protocol (SDCP).
This aims to carry out the following checks:
- The host is talking to a trusted device, not a malicious one
- The device is checked to ensure it’s not running hacked firmware
- The fingerprint data isn’t cached or replayed
However, while Windows access to the reader uses SDCP, Linux access doesn’t, giving the team its first idea.
What if we boot the target device into Linux and use the Linux side to enroll an attacker fingerprint into the template database, specifying the same ID as a legitimate user enrolled on the Windows side?
That didn’t work, as there turned out to be separate databases on the chip for Windows and Linux. But Blackwing worked out how Windows knew which database to access, and managed to point it to the Linux one instead. That gave the following solution (where MitM refers to a Man in the Middle attack):
- Boot to Linux
- Enumerate valid IDs
- Enroll attacker’s fingerprint using the same ID as a legitimate Windows user
- MitM the connection between the host and sensor
- Boot Windows
- Intercept and rewrite the configuration packet to point to the Linux DB using our MitM
- Login as the legitimate user with attacker’s print
Lenovo ThinkPad T14s
Although the Synaptics fingerprint sensor used in this supports SDCP, it’s disabled! The device instead uses a custom Transport Security Layer (TLS) intended to do the same job.
Unfortunately, this alternate security system isn’t very secure.
The client certificate & key are readable by anyone, but they’re encrypted. Encrypted with what? Lots more RE later, it turns out they’re encrypted by a key derived from two pieces of information: the machine’s product name and serial number — which it retrieves from the BIOS via ACPI (they’re also available on the sticker on the bottom of the laptop 😜).
Which gave the following solution:
- Read encrypted client cert / key
- Decrypt encrypted blob with key derived from product name & serial number
- Negotiate TLS session with sensor
- Enumerate valid Windows fingerprint template IDs
- Enroll attacker’s fingerprint, spoofing valid ID
- Boot into Windows
- Login as target Windows user with attacker’s fingerprint
Microsoft Surface Pro Type Cover with Fingerprint ID
While the team had expected an official Microsoft product to be the toughest challenge, they were amazed to find incredibly poor security.
- No SDCP
- Cleartext USB communication
- No authentication
So they simply had to disconnect the fingerprint sensor and plug in their own device to spoof it – initially a Raspberry Pi and later a smaller and quicker USB armory.
- Unplug Type Cover (the driver can’t handle two sensors plugged in, it goes wacky)
- Plug in attack device, advertise VID/PID of sensor
- Observe valid SID from Windows driver
- Pass “how many fingerprints” check
- Initiate Fingerprint Login on Windows
- Send Valid Login Response From Spoofed Device
What about TouchID on MacBooks?
Apple has an excellent track record at implementing far better biometric security than its competitors.
Both Touch ID and Face ID store the biometric data in the Secure Enclave, and the rest of the Mac has no access to this data – it only asks for permission to unlock the device, and the Secure Enclave simply says yes or no. Here’s how Apple describes it:
The chip in your device includes an advanced security architecture called the Secure Enclave, which was developed to protect your passcode and fingerprint data. Touch ID doesn’t store any images of your fingerprint, and instead only relies on a mathematical representation. It isn’t possible for someone to reverse engineer your actual fingerprint image from this stored data.
Your fingerprint data is encrypted, stored on disk and protected with a key only available to the Secure Enclave. Your fingerprint data is only used by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. It can’t be accessed by the OS on your device or by any applications running on it. It’s never stored on Apple servers, it’s never backed up to iCloud or anywhere else and it can’t be used to match against other fingerprint databases.
I’d expect Blackwing to fail if it made a similar attempt to break Touch ID, but it would be fantastic if Apple would demonstrate sufficient confidence to ask the team to try.
Photo: Microsoft
FTC: We use income earning auto affiliate links. More.
Comments