Security experts have successfully tested the fingerprint sensors used for Windows Hello on three popular laptops and were able to bypass authentication on each device. The study was carried out by Blackwing Intelligence and Microsoft’s Offensive Research and Security Engineering (MORSE). The laptops targeted were a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, and a Microsoft Surface Pro X with an ELAN sensor.
The embedded fingerprint sensors and the host were subjected to both software and hardware attacks. All the tested sensors are Match-on-Chip (MoC), meaning the chip has its own microprocessor and memory and performs the fingerprint matching itself, so fingerprint data never leaves the sensor; bypassing authentication therefore requires attacking the chip rather than the host. The attack requires physical access to the targeted device, whether by stealing it or through an "evil maid" scenario in which an attacker gets brief, unattended access.
The attacks demonstrated by the researchers involved either connecting an attack device to each laptop via USB or connecting the fingerprint sensor to a specially crafted rig. For the Dell and Lenovo laptops, Windows Hello fingerprint authentication was bypassed by enrolling the attacker's fingerprint while spoofing a legitimate user's ID. In the case of the Surface device, the attacker needs to unplug the Type Cover, which contains the fingerprint sensor, and connect a USB device that impersonates the sensor and tells the system that an authorized user is logging in.
Blackwing published a blog post detailing some of their findings, and Microsoft has released a video where Blackwing researchers presented their findings at the tech giant’s BlueHat conference in October.