Windows Hello says goodbye to laptop security in testing

Hello Windows, my old friend, we've come to toy with you again...
5 December 2023

• Windows Hello – the fingerprint-based biometric security system – has been cracked by vulnerability investigators.
• Windows Hello depends on two key systems, the MOC sensor and the SDCP protocol.
• Investigators from Blackwing found device manufacturers were not diligent in maximizing the protection of laptops.

Hubris is a wonderfully entertaining thing to watch play out on a stage. It’s significantly less wonderful if your laptop’s super-duper biometric security system comes with false pride built in. This does not appear to have occurred to the manufacturers of several laptops protected by Windows Hello – the fingerprint scanner that’s supposed to deliver personalized, biometric security for all your sins, secrets, and sales figures.

At least, it didn’t necessarily occur to them at the appropriate time.

The ideal time for comprehensive bug-testing and security audits is before you release a piece of hardware into the wild. But when Microsoft’s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to test out the security on a number of new laptops that were advertised as being compatible with Windows Hello, it’s probably safe to say they expected a glowing report.

If so, what followed was probably quite a gloomy day at MORSE headquarters.

MORSE gave Blackwing three of the most popular laptops that claim to be compatible with the Windows Hello fingerprint security protocols: the Dell Inspiron 15; the Lenovo ThinkPad T14; and the Microsoft Surface Pro Type Cover with Fingerprint ID (for Surface Pro 8/X).

Blackwing ran a vulnerability search process, including significant reverse engineering of both hardware and software, cracking cryptographic flaws, and deciphering and reimplementing proprietary protocols. And while all of those processes took the experience away from the Mission Impossible idea of rendering top-notch security invalid with a paperclip and a ballpoint pen, the end result of Blackwing’s efforts was a full bypass of Windows Hello.

On all three laptops.

While the number of processes through which Blackwing put the laptops to thoroughly diagnose their vulnerabilities was extensive, there were two core elements of the machines that allowed the investigators to entirely bypass Windows Hello.

They were 1) the match on chip sensors, and 2) the secure device connection protocol.

MOC the weak?

Match on chip describes the kind of sensors used in Windows Hello. There’s an alternative, match in sensor, but critically, Windows Hello doesn’t work with those sensors, so any machine that says it’s compatible with Windows Hello will have match on chip sensors.

That’s what bad actors call a single point of vulnerability, and it’s why, for instance, Blackwing was able to perform the same sort of bypass of Windows Hello across three entirely different machines made and branded by three different manufacturers.

Match on chip sensors (MOC sensors) contain a microprocessor and storage built into their chip (the clue is in the name). That setup means fingerprint matching is done locally too, the scanned print being checked against an on-chip database of templates (which you set up when you start to use Windows Hello).

In what is in fact fairly sound engineering theory, that should make for safer biometrics. The prints never leave the chip in the scanner, so the risk of them being stolen is vanishingly small.

Windows Hello uses a particular kind of sensor.

Fingerprint profiles are stored on chip in Windows Hello-compatible machines.

That theoretical extra safety measure is why Windows Hello requires the use of this kind of scanner.

So far, so good, right?

The second line of defense.

Yes, as far as it goes. Sadly, with a devious enough mind and something a touch more sophisticated than a screwdriver, it is still possible to get a malicious sensor to spoof a genuine one in its communications with the host and persuade the system that it’s been verified when it hasn’t.

Spoofing is equivalent to sliding into someone’s DMs… and then stealing their identity, their protocols, their privileges, and probably their house to boot. The malicious sensor sends communications to the host to say everything’s just fine and dandy, and it should allow the verification of whatever it’s being asked to verify, while the innocent sensor is, by contrast, baffled and silent, locked in the electronic equivalent of the basement.

So while match on chip sensors are technically extra secure, they do have a fairly well understood weakness.

The point being that Microsoft… knows that.

In fact, it knows it so thoroughly that it created a whole protocol to ensure the security of the connection between the sensor and the host, to effectively lock out any malicious sensors and make sure the host is communicating strictly and securely with the genuine match-on-chip sensor.

The protocol is called the secure device connection protocol, or SDCP.

This was the second element of vulnerability that allowed Blackwing to leave Windows Hello weeping, in pieces, at the feet of all three laptops.

Windows Hello - not as vulnerable to hackers as it is to inattentive manufacturers.


Again, in perfectly sound engineering and computing theory, the SDCP exists to do one thing – to make communication between the sensor and the host reliably secure.

To do that, it needs to make sure the fingerprint device is trusted and healthy, and it needs to ensure the security of the communication between the sensor and the host.

To achieve that, it needs to answer three questions about the fingerprint sensor: how can the host be certain it’s talking to a trusted device and not a malicious one; how can it be sure the device hasn’t been compromised; and how is the raw data protected and authenticated?

If it can answer all three of those questions, then in theory, it should be able to operate with a degree of communication certainty that would make Windows Hello as safe as it needs to be. And, crucially, as safe as it’s marketed to be, as a biometric security system to keep systems like laptops as private as we want in this supposedly vulnerability-conscious age.

Three professional months to crack Windows Hello.

As with the MOC technology, the SDCP is actually a more-than-reasonably clever way of shutting down the sneaky operators who would try and get past even the most modern of security systems.

But Blackwing managed it. It managed it with a 100% reliable bypass rate, across three different machines.

What’s the takeaway? That Windows Hello is fatally flawed and not worth the silicon it’s written on?

Absolutely not. It’s worth noting that Blackwing does this sort of thing for a living, and it took its investigators a solid three months of daily access to work out how to compromise the system. Once it’s been done once – or indeed, three times – of course, the process can be sped up and streamlined, but still, the weakness appears not to be in Windows Hello itself.

In explaining the functions of the MOC and the SDCP, we’ve only taken you to the gates of the problem. If you appreciate extreme technological cleverness, reading the original Blackwing report on the process of breaking Windows Hello will make you both boggle and chuckle in techie.

Shields up, red alert! No, really – raise the shields!

Windows Hello has two lines of initial defense. One of them wasn't switched on in two out of three cases.

One of these things is not like the other… Device manufacturers would do well to tell them apart.

The point, as Blackwing concludes having spent three months on the problem, is not that Windows Hello is particularly weak, but that device manufacturers either don’t understand it, or don’t do a sufficient amount of configuration and testing before their machines are sent out into the world. Sensor encryption generally used poor quality code, and there’s a likelihood that the sensors used by manufacturers are subject to memory corruption.

But the big spoiler is one that will make bad actors belly laugh.

In two out of the three devices, Blackwing found that the SDCP – the protocol designed specifically to establish secure communication between the sensor and the host, and so close out the loophole in MOC sensors – wasn’t switched on by default.

There are reasons why system engineers twitch whenever anyone dares use the word “foolproof.”
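To make concrete both the three questions SDCP answers and why a sensor channel that is never switched on leaves the host trusting any sensor, here is an added, deliberately simplified model (not Microsoft's SDCP code and not Blackwing's tooling). It assumes a pre-shared session key standing in for the key SDCP derives from its key exchange with the attested sensor, and shows the host check that distinguishes a genuine, nonce-bound match report from an unauthenticated or replayed one.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed session key. Assumption: real SDCP derives this from a key
# exchange bound to the sensor's attested device key; here it is pre-shared.
SESSION_KEY = secrets.token_bytes(32)


def sensor_authorize(key: bytes, nonce: bytes, template_id: bytes) -> dict:
    """Genuine sensor: reports a match on template_id and authenticates that
    report under the session key, bound to the host's fresh nonce."""
    mac = hmac.new(key, b"authorize" + nonce + template_id, hashlib.sha256).digest()
    return {"template_id": template_id, "mac": mac}


def host_accepts(key: Optional[bytes], nonce: bytes, msg: dict) -> bool:
    """Host side of the check. key=None models the secure channel not being
    enabled: the host then has no way to tell a genuine report from a spoofed one."""
    if key is None:
        return True  # the weak configuration Blackwing found on two of three devices
    expected = hmac.new(key, b"authorize" + nonce + msg["template_id"], hashlib.sha256).digest()
    # Constant-time comparison so MAC verification does not leak timing.
    return hmac.compare_digest(expected, msg["mac"])


def run_scenarios() -> dict:
    """Exercise the host check against a genuine report, an unauthenticated
    claim, a replayed report and the channel-disabled configuration."""
    nonce = secrets.token_bytes(32)
    genuine = sensor_authorize(SESSION_KEY, nonce, b"template-7")
    # A device without the session key can only assert a match with no valid MAC.
    unauthenticated = {"template_id": b"template-7", "mac": bytes(32)}
    # A previously captured genuine report presented against a fresh host nonce.
    replay_nonce = secrets.token_bytes(32)
    return {
        "genuine_sdcp_on": host_accepts(SESSION_KEY, nonce, genuine),
        "unauthenticated_sdcp_on": host_accepts(SESSION_KEY, nonce, unauthenticated),
        "replay_sdcp_on": host_accepts(SESSION_KEY, replay_nonce, genuine),
        "unauthenticated_sdcp_off": host_accepts(None, nonce, unauthenticated),
    }


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```

Only the genuine, nonce-bound report passes when the channel is enabled; with it disabled, the unauthenticated claim is accepted, which is the gap the manufacturers' default configuration left open.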

Blackwing is hoping soon to turn its attention to systems by Apple, Android, and Linux.

Watch this gaping hole in security protocols for more as we get it…