BlueHat Oct 23. S02: A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication
ฝัง
- เผยแพร่เมื่อ 8 ก.ย. 2024
- In this talk, Jesse D'Aguanno & Timo Teräs from Blackwing Intelligence discuss collaborating with Microsoft Offensive Research & Security Engineering (MORSE) to assess the security of leading fingerprint sensors used in Windows biometric authentication. The video provides an in-depth look at our vulnerability research process, which involved comprehensive reverse engineering of software and hardware, uncovering cryptographic implementation flaws in a custom TLS, and decoding and reimplementing proprietary protocols. This journey took us from a basic understanding of biometric authentication to successfully bypassing Windows Hello authentication on all three research targets.
The talks highlights key aspects of the Secure Device Connection Protocol (SDCP), reverse engineering, and the creation of custom Wireshark dissectors to understand proprietary host-to-sensor communication protocols over USB. It also introduces a unique approach to creating a USB MitM for high-speed devices. Watch the video to see demonstrations of all three Windows Hello authentication bypass exploits.
Hopefully, they can fix this with a firmware and software update. Also totally astonishing that the Linux implementation is just completely unauthenticated.
Nice. Good job.
I wish you tested Fingerprint cards (FPC) sensor to. I wonder if there was a specific reason not to?
This was a specific case of integrated fingerprint sensors, representing the typical implementation of a direct-from-device-manufacturer fingerprint scanner utilized by Windows Hello for enhanced security, ie a typical use case for a Microsoft user (for example in the business world). The realm of third party fingerprint sensor peripherals is so vast in both size and quality that it would be very difficult to adequately evaluate in its own case study, much less in one also including integrated biometrics.
Another big sticking point is that proper implementation of security standards with these integrated devices depends on Microsoft working with device manufacturers. That isn't really a thing in the peripherals market, except for maybe a couple of choice partners (maybe, idk for sure in this case, that's just how it usually goes), so it would really muddy the waters when it comes time to draw conclusions about what Microsoft could do to improve their security feature.
Remember, at the end of the day, this is security science research, not consumer product testing; and effective research is all about controlling the variables.
This doesn't feel like responsible disclosure to me. Sure, all of the attacks require physical access, and yet there is no mitigation strategy even discussed. Is facecam Windows Hello insecure too? Who knows...
Sería más bueno Wee UE se traduzca en español
Mygawd BRO!! It seems as though public speaking makes you a little nervous which is common.
You can clearly tell by your breathing.
The gum chewing really amplifies all these little things.
I really hate to be that person but this was serious topic and that gum, breathing, and savage borderline choke swallowing midsentence was too much.🥴
This is definitely your fault but I would definitely ask your bros why they all let you carry on without giving you a signal or even text.
I ended up reformatting the transcript and listened to a gun free ai.
Great information and appreciate the teams work!
anyone ever get a ping in your head , or ears at the same kind of times. like a pattern >?