Fingerprint scanners on popular laptops, including Dell and Lenovo models and the Microsoft Surface, were found to be less secure than expected.
Researchers from Blackwing Intelligence were asked by Microsoft’s Offensive Research and Security Engineering (MORSE) to evaluate the security of the top three fingerprint sensors embedded in laptops and used for Windows Hello fingerprint authentication. They found vulnerabilities in all of them.
Blackwing tested three devices: the Dell Inspiron 15, Lenovo ThinkPad T14, and a Microsoft Surface Pro with a Type Cover peripheral equipped with a fingerprint sensor.
Each of these devices features a ‘match on chip’ sensor, specifically designed to enable secure fingerprint matching within the chip itself.
The research revealed that manufacturers misunderstood Microsoft’s Secure Device Connection Protocol (SDCP), with the result that two out of three tested devices did not have SDCP enabled. SDCP is designed to secure biometric authentication through fingerprint scans, ensuring data privacy.
The researchers employed a distinct set of exploits for each device. In the case of the Dell, the attack involved disconnecting the fingerprint sensor and connecting it to an external device.
This external device rewrote the sensor’s configuration packet, directing it to a Linux fingerprint database. This manipulation allowed the attacker to falsify credentials for a target account on a Windows machine.
On the Lenovo, Blackwing targeted the Transport Layer Security (TLS) stack responsible for securing USB communication between the host driver and sensor. The researchers successfully executed this attack.
For the Surface, the process was simpler: the researchers spoofed the Type Cover using a USB device and subsequently logged in.
The researchers emphasised the importance of vendors implementing SDCP and urged greater caution in deploying fingerprint ID on Windows devices to enhance security.