Researchers Figure Out How To Bypass Fingerprint Readers In Most Windows PCs (arstechnica.com) 25
An anonymous reader quotes a report from Ars Technica: [L]ast week, researchers at Blackwing Intelligence published an extensive document showing how they had managed to work around some of the most popular fingerprint sensors used in Windows PCs. Security researchers Jesse D'Aguanno and Timo Teras write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft's own Surface Pro Type Covers. These are just three laptop models from the wide universe of PCs, but one of these three companies usually does make the fingerprint sensor in every laptop we've reviewed in the last few years. It's likely that most Windows PCs with fingerprint readers will be vulnerable to similar exploits.
Blackwing's post on the vulnerability is also a good overview of exactly how fingerprint sensors in a modern PC work. Most Windows Hello-compatible fingerprint readers use "match on chip" sensors, meaning that the sensor has its own processors and storage that perform all fingerprint scanning and matching independently without relying on the host PC's hardware. This ensures that fingerprint data can't be accessed or extracted if the host PC is compromised. If you're familiar with Apple's terminology, this is basically the way its Secure Enclave is set up. Communication between the fingerprint sensor and the rest of the system is supposed to be handled by the Secure Device Connection Protocol (SCDP). This is a Microsoft-developed protocol that is meant to verify that fingerprint sensors are trustworthy and uncompromised, and to encrypt traffic between the fingerprint sensor and the rest of the PC.
Each fingerprint sensor was ultimately defeated by a different weakness. The Dell laptop's Goodix fingerprint sensor implemented SCDP properly in Windows but used no such protections in Linux. Connecting the fingerprint sensor to a Raspberry Pi 4, the team was able to exploit the Linux support plus "poor code quality" to enroll a new fingerprint that would allow entry into a Windows account. As for the Synaptic and ELAN fingerprint readers used by Lenovo and Microsoft (respectively), the main issue is that both sensors supported SCDP but that it wasn't actually enabled. Synaptic's touchpad used a custom TLS implementation for communication that the Blackwing team was able to exploit, while the Surface fingerprint reader used cleartext communication over USB for communication. "In fact, any USB device can claim to be the ELAN sensor (by spoofing its VID/PID) and simply claim that an authorized user is logging in," wrote D'Aguanno and Teras. "Though all of these exploits ultimately require physical access to a device and an attacker who is determined to break into your specific laptop, the wide variety of possible exploits means that there's no single fix that can address all of these issues, even if laptop manufacturers are motivated to implement them," concludes Ars.
Blackwing recommends all Windows Hello fingerprint sensors enable SCDP, the protocol Microsoft developed to try to prevent this exploit. PC makers should also "have a qualified expert third party audit [their] implementation" to improve code quality and security.
Dupe (Score:4, Informative)
https://tech.slashdot.org/stor... [slashdot.org]
Re: (Score:2)
Unable to verify this article has a genuine unique posting.
Besides this being a dupe I... (Score:2)
Which I haven't gotten to work under Linux.
Re: (Score:2)
Just face-roll it.
Re: Besides this being a dupe I... (Score:2)
Can you still trick these things with a photo?
Re: (Score:2)
Windows Hello does require an IR camera to work, the purpose of which is to prevent photos fooling it.
Re: Besides this being a dupe I... (Score:5, Funny)
did it involve (Score:2)
The Middle Finger. (Score:2)
No, but it will give you the middle finger.
Re: (Score:2)
plug in security (Score:2)
> In fact, any USB device can claim to be the ELAN sensor (by spoofing its VID/PID) and simply claim that an authorized user is logging in
Plug in access, I need to try this.
Re: (Score:2)
I'm surprised Microsoft goofed on this, but then again it's Microsoft... Also I have seen quite a lot of stuff screw up in similar ways. I suspect a lot of mid level managers don't actually realize that spoofing USB is trivially easy.
For an external part to be trusted it really needs a challenge-response protocol or something similar, even if the part is an internal plug-in module, and sometimes even if the part is soldered on if this is protecting customer's data and/or money.
Probably Microsoft looked at
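The summary's point that the ELAN reader accepted a cleartext "authorized user" message from anything presenting the right VID/PID, and the comment above that a trusted peripheral needs a challenge-response protocol, both come down to the same design rule: the host must bind the match result to a fresh nonce and a secret only the genuine sensor holds. The following is an added illustration written for this page; it is not Blackwing's tooling or Microsoft's SDCP implementation. It simplifies the real protocol by using a symmetric per-device key (SDCP's actual key hierarchy and handshake are not reproduced here); the key, the sensor, the host and the user identifier are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed per-device secret standing in for the key a genuine
# match-on-chip sensor keeps in its own storage. A device that only copies
# the sensor's VID/PID does not have it.
GENUINE_SENSOR_KEY = secrets.token_bytes(32)


def _message(nonce: bytes, user_id: str, matched: bool) -> bytes:
    """Canonical bytes the tag covers: host nonce + identity + verdict."""
    return nonce + user_id.encode("utf-8") + (b"\x01" if matched else b"\x00")


def sensor_respond(key: bytes, nonce: bytes, user_id: str, matched: bool) -> dict:
    """Genuine sensor: report the match verdict, authenticated under the host's nonce."""
    tag = hmac.new(key, _message(nonce, user_id, matched), hashlib.sha256).digest()
    return {"user_id": user_id, "matched": matched, "tag": tag}


def impostor_respond(user_id: str) -> dict:
    """Spoofed USB device: claims success but has no key, so it can only guess a tag."""
    return {"user_id": user_id, "matched": True, "tag": secrets.token_bytes(32)}


def naive_host_accept(response: dict) -> bool:
    """The weak pattern: trust the verdict because the device 'looks like' the sensor."""
    return bool(response["matched"])


class ChallengingHost:
    """Hardened pattern: fresh single-use nonce, MAC check, then the verdict."""

    def __init__(self, expected_key: bytes) -> None:
        self.expected_key = expected_key
        self.pending_nonce = None

    def start_challenge(self) -> bytes:
        self.pending_nonce = secrets.token_bytes(32)
        return self.pending_nonce

    def accept(self, response: dict) -> bool:
        if self.pending_nonce is None:
            return False                      # no outstanding challenge: reject replays
        nonce, self.pending_nonce = self.pending_nonce, None   # nonce is single-use
        expected = hmac.new(self.expected_key,
                            _message(nonce, response["user_id"], response["matched"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response["tag"]):
            return False                      # wrong key or tampered verdict
        return bool(response["matched"])


# Scenarios a reviewer would want to see covered.
def genuine_login() -> bool:
    host = ChallengingHost(GENUINE_SENSOR_KEY)
    nonce = host.start_challenge()
    return host.accept(sensor_respond(GENUINE_SENSOR_KEY, nonce, "alice", True))


def spoofed_login() -> bool:
    host = ChallengingHost(GENUINE_SENSOR_KEY)
    host.start_challenge()
    return host.accept(impostor_respond("alice"))


def replayed_login() -> bool:
    """A captured genuine response is useless against a later, different challenge."""
    host = ChallengingHost(GENUINE_SENSOR_KEY)
    nonce = host.start_challenge()
    captured = sensor_respond(GENUINE_SENSOR_KEY, nonce, "alice", True)
    host.accept(captured)                    # first use succeeds and consumes the nonce
    host.start_challenge()                   # new session, new nonce
    return host.accept(captured)


def naive_host_vs_spoof() -> bool:
    return naive_host_accept(impostor_respond("alice"))


if __name__ == "__main__":
    print("genuine:", genuine_login())       # True
    print("spoofed:", spoofed_login())       # False
    print("replayed:", replayed_login())     # False
    print("naive host, spoofed:", naive_host_vs_spoof())   # True: the weak pattern
```

The contrast is the whole lesson: `naive_host_accept` is the behaviour the summary describes for the cleartext reader, where the verdict is believed on the strength of a USB identity anyone can present, while `ChallengingHost` only believes a verdict that was computed under a key the host can check and bound to a nonce it just issued. Enabling SDCP, as Blackwing recommends, is the production-grade version of moving from the first to the second.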
pretty sure there are backdoors (Score:3)
The way the protocol works I am pretty sure forensics companies and law enforcement have backdoors. I don't use any of these fingerprint devices. Even a password feels more secure.
Re: (Score:2)
Why, so they can torture me for my password instead of just cutting off my fingers?
Please, just take the fingers!
Re: (Score:2)
The cops are cutting off fingers now? Qualified immunity sure escalated quickly!
Re: (Score:2)
The cops are cutting off fingers now? Qualified immunity sure escalated quickly!
Maybe not the fingers of white Americans, but I'd hate to be a black muslim foreigner and come under suspicion in the US nowadays.
Yes, I might be paranoid, but I will not visit the US any more (and I'm not even a black muslim, just a foreigner).
Re: (Score:2)
The treatment of Muslim foreign nationals is problematic in many Western countries. And the rise of far-right populist political parties in EU is deeply troubling. In the US it's not so surprising because we were always a little, you know, violently racist and xenophobic.
Re: (Score:2)
Congrats. That's exactly what they wanted you to believe. Shun the "new" in favour of the "old" under the delusion that one is backdoored and not the other.
Re: (Score:2)
If you prepared your laptop well enough, it is more secure. If you prepared your laptop to boot into a different system when a different password is entered, passwords have an advantage over biometrics.
Apart from that, finger prints are dead easy to harvest end quite easy to duplicate.
Re: (Score:1)
Something you have, something you know. Fingerprints are something you have; passwords are something you know.
What about FIPS ones? (Score:2)
SDCP (Score:2)
Re: (Score:1)
Oh, THAT's why it didn't work as expected! MS's engineers thought they were supposed to implement "Super Crappy Data Protection".