An attack method is discovered that allows anyone to sign in by hacking Windows fingerprint authentication



Windows is equipped with a security feature called "Windows Hello" that allows you to sign in using your fingerprint or facial recognition. However, security research institute Blackwing Intelligence has discovered an attack method that allows Windows Hello fingerprint authentication to be broken using someone else's fingerprint.

A Touch of Pwn - Part I
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/



There are two methods for fingerprint authentication on PCs: the "match-on-host" method, which performs authentication using the storage and processor used by the OS, and the "match-on-chip" method, which performs authentication using independent storage and a processor dedicated to fingerprint authentication. The match-on-chip method is said to have stronger security than the match-on-host method, and Microsoft requires the installation of a match-on-chip authentication system as a prerequisite for fingerprint authentication in Windows Hello.

However, the match-on-chip method has no function to prevent attacks such as "a malicious fingerprint sensor masquerading as a legitimate fingerprint sensor and sending a signal that 'authentication is complete' to the system." Therefore, Microsoft is developing a security protocol called "Secure Device Connection Protocol (SDCP)" that guarantees that "the fingerprint sensor is genuine and the authentication was performed by the user himself."
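A simplified model of the weakness and the guarantee described above, added here as an illustration and not taken from Blackwing Intelligence or Microsoft. The `Host` class, the message layout and the pre-shared session key are assumptions for the sketch; this is not SDCP's actual message format or key exchange.

```python
import hashlib
import hmac
import secrets

# Assumption: host and sensor already share a session key. How a real
# protocol establishes that key at boot is not modelled here.

def sensor_response(key: bytes, nonce: bytes, matched_id: bytes) -> bytes:
    """Genuine sensor: MAC that binds the match result to the host's nonce."""
    return hmac.new(key, b"match" + nonce + matched_id, hashlib.sha256).digest()

class Host:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # nonce of the outstanding challenge (single use)

    def naive_accept(self, claimed_ok: bool) -> bool:
        # Weak design: trusts a bare "authentication is complete" signal,
        # so the host cannot tell a genuine sensor from an impostor.
        return claimed_ok

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)
        return self._pending

    def verify(self, matched_id: bytes, mac: bytes) -> bool:
        nonce, self._pending = self._pending, None  # consume the nonce
        if nonce is None:
            return False  # no challenge outstanding: unsolicited or replayed
        expected = hmac.new(self._key, b"match" + nonce + matched_id,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)

def demo() -> dict:
    key = secrets.token_bytes(32)   # constructed sample key
    user = b"enrolled-user-1"       # constructed enrollment id
    host = Host(key)
    results = {"naive_accepts_bare_claim": host.naive_accept(True)}
    good = sensor_response(key, host.challenge(), user)
    results["genuine"] = host.verify(user, good)
    results["replay_no_challenge"] = host.verify(user, good)
    host.challenge()                # fresh nonce: the old MAC no longer fits
    results["replay_new_nonce"] = host.verify(user, good)
    nonce = host.challenge()
    forged = sensor_response(secrets.token_bytes(32), nonce, user)
    results["wrong_key"] = host.verify(user, forged)
    return results

if __name__ == "__main__":
    print(demo())
```

Only the response computed with the shared key over the current nonce is accepted; the bare claim, the replayed response and the response from a device without the key are all rejected by `verify`.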

In order to demonstrate that fingerprint authentication protected by the match-on-chip method and SDCP can be broken through, Blackwing Intelligence prepared three models, "Dell Inspiron 15", "Lenovo Thinkpad", and "Microsoft Surface Pro X", and attempted to break through fingerprint authentication. As a result, on the "Dell Inspiron 15" they succeeded in breaking through fingerprint authentication although it was protected by SDCP. Furthermore, it has been revealed that "Microsoft Surface Pro

If you play the following video from around 30 minutes 58 seconds, you can see how the fingerprint of a person who is not registered as a user breaks through Windows Hello's fingerprint authentication.

BlueHat Oct 23. S02: A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication - YouTube


The attack method discovered this time requires the work of "installing Linux on the target machine." For this reason, foreign media outlet XDA Developers points out that "the possibility of an attack being executed is extremely low." Additionally, XDA Developers suggests that users who are concerned about attacks disable Windows Hello.

in Security, Posted by log1o_hf