Full Report
Many laptops ship with fingerprint sensors that plug into the Windows Hello platform. Those sensors are supposed to speak Microsoft's Secure Device Connection Protocol (SDCP), which exists to ensure that the sensor is genuine and that the traffic between host and sensor cannot be tampered with; on the Windows side, the host components are trusted by virtue of Secure Boot. To establish the secure channel, host and sensor perform a key agreement to derive shared session keys, and the sensor sends over an attestation confirming that it is indeed a legitimate device. Each enrolled fingerprint template gets a unique ID, and in the SDCP flow it is the host, not the sensor, that chooses that ID. To identify a user, the host generates a nonce and sends it to the sensor; the sensor performs the biometric match on-chip and, if a template matches, returns that template's ID together with a MAC computed with the shared secret over the nonce and the ID. The host checks the MAC and then checks the ID against the templates it enrolled.

The researchers then picked some targets. As most researchers should, they prioritized devices with broad adoption, drivers that were easier to reverse engineer, and poor code quality. Their first target was the Dell Inspiron. To intercept the USB traffic, they started from the Linux driver and added the functionality they needed. On Windows the Dell did everything correctly, but the Linux driver did not implement SDCP at all, so from Linux a user could ask the sensor to store a template under an arbitrary ID of their choosing, unlike the regular flow where the host chooses the ID. The plan was to enroll the attacker's fingerprint on Linux under the same ID that Windows had assigned to the victim. In practice, they learned that the sensor keeps separate template stores for Windows and Linux. But how does the sensor know which store to use? The host tells it, in a packet the attacker can rewrite. With a working MitM on the USB bus, an attacker changes the database type so that Windows unknowingly queries the Linux store, where the attacker's finger sits under the victim's ID. Because the ID matches what Windows enrolled and the MAC was honestly computed by the sensor, Windows accepts the response and proceeds to unlock the computer. Originally, they just tested this in WinDbg; eventually, they wrote a USB tool in Linux to intercept and rewrite the traffic. On the Lenovo ThinkPad, the vendor rolled its own TLS stack instead of using SDCP.
Weird! The client certificate and key are encrypted on their way across the wire under key material derived from nothing more than the device name and serial number (lolz). After this, a TLS session is established. That session can be MitM'ed, since we now know the private key of the certificate in use. Eventually, they reimplemented enough of the TLS stack to pwn it. On the Microsoft Surface Pro, it was a joke: no SDCP, no authentication, and completely cleartext USB communication. Any USB device can claim to be the proper sensor and it will be accepted. Authenticating the sensor is a must here. So what is better: passwords or biometrics? Biometrics open up an attack surface that a password prompt simply does not have: the sensor itself and its link to the host. Although it's convenient, it is also terrifying. Overall, an awesome post on SDCP, hardware hacking, USB tool writing and so much more. One of my favorite articles of the year!
Analysis Summary
# Vulnerability: Windows Hello Biometric Bypass on Major Laptop Vendors
## CVE Details
- **CVE ID**: Not explicitly assigned in the source (the issues were reported as multiple zero-day flaws at the time of publication).
- **CVSS Score**: N/A (Estimated 6.8 - Medium; this is the CVSS 3.1 base score that the vector `AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` evaluates to)
- **CWE**:
- CWE-287: Improper Authentication
- CWE-311: Missing Encryption of Sensitive Data (Surface Pro)
- CWE-290: Authentication Bypass by Spoofing
- CWE-321: Use of Hard-coded Cryptographic Key (Lenovo: the key protecting the TLS client certificate is derived from the device name and serial number, both readable by anyone holding the laptop)
## Affected Systems
- **Products**:
- Dell Inspiron 15 (Goodix sensor)
- Lenovo ThinkPad T14 (Synaptics sensor)
- Microsoft Surface Pro Type Cover (ELAN sensor)
- **Versions**: Sensor firmware and host drivers shipping at the time of publication (November 2023); the source does not list specific fixed versions.
- **Configurations**: Systems utilizing Windows Hello Fingerprint authentication (Match-on-Chip sensors).
## Vulnerability Description
Researchers discovered significant flaws in the implementation of the Secure Device Connection Protocol (SDCP) and proprietary communication layers across three major laptop vendors:
1. **Dell (Goodix):** The Windows driver uses SDCP, but the Linux driver does not. From Linux an attacker can enroll their own fingerprint under an ID of their choosing, specifically the ID that Windows assigned to the victim's template. The sensor keeps separate template databases for Windows and Linux and the host selects between them, so by performing a Man-in-the-Middle (MitM) attack on the USB bus and rewriting the "database type," the attacker makes the sensor match against the Linux-enrolled template while the Windows host is performing an SDCP identify. The sensor returns the victim's ID with a correctly computed MAC, and Windows logs the attacker in.
2. **Lenovo (Synaptics):** Instead of Microsoft's SDCP, the sensor and host use a custom TLS stack. The client certificate and private key that secure the session are encrypted under a key derived from the device name and serial number, values an attacker with physical access can read, so the key material can be recovered and the session intercepted or impersonated.
3. **Microsoft Surface (ELAN):** There is no SDCP implementation and no authentication of the sensor at all; communication is sent in cleartext over USB. Any USB device can spoof the sensor and send a "valid match" response that the host accepts.
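The SDCP identify flow described in the Full Report above, the Dell/Goodix database-switching bypass and the Surface/ELAN "no SDCP at all" case in this list are easiest to see side by side in a small model. The following Python is an added example written for this page; it is not Blackwing Intelligence's tooling, Microsoft's SDCP reference code, or any vendor firmware. Its assumptions: a random 32-byte value stands in for the ECDH-plus-attestation key agreement, the identify response is approximated as HMAC-SHA256 over the nonce and template ID, and the two template stores, the host-sent store selector and the `list_ids` command are modelled after the write-up rather than a real device interface.

```python
"""Model of the SDCP identify flow, the Dell/Goodix two-database bypass and
the Surface/ELAN "no SDCP" case.  Added illustration, not vendor or Blackwing
code.  Assumptions: a random 32-byte value replaces the ECDH + attestation key
agreement; the identify MAC is approximated as HMAC-SHA256 over the nonce and
template id; the two stores, the host-sent store selector and list_ids()
follow the write-up above rather than any real firmware interface."""
import hashlib
import hmac
import secrets

WINDOWS_DB, LINUX_DB = "windows", "linux"


def identify_mac(secret, nonce, template_id):
    return hmac.new(secret, b"identify" + nonce + template_id, hashlib.sha256).digest()


class Sensor:
    """Match-on-chip sensor with one template store per host OS."""

    def __init__(self, session_secret, sdcp_only=False):
        self.secret = session_secret
        self.sdcp_only = sdcp_only        # hardened: never match non-SDCP templates
        self.store = {WINDOWS_DB: {}, LINUX_DB: {}}  # store -> {finger: (id, via_sdcp)}
        self.active = WINDOWS_DB

    def configure(self, store):
        self.active = store               # selector packet sent by the host

    def enroll_sdcp(self, finger, template_id):
        self.store[WINDOWS_DB][finger] = (template_id, True)   # host chose the id

    def enroll_legacy(self, finger, template_id):
        self.store[LINUX_DB][finger] = (template_id, False)    # caller chose the id

    def list_ids(self, store):
        return [tid for tid, _ in self.store[store].values()]

    def identify(self, nonce, finger):
        hit = self.store[self.active].get(finger)
        if hit is None or (self.sdcp_only and not hit[1]):
            return None
        return hit[0], identify_mac(self.secret, nonce, hit[0])


class RogueDevice:
    """USB device that only claims to be the sensor (the ELAN situation)."""

    def __init__(self, claimed_id):
        self.claimed_id = claimed_id

    def configure(self, store):
        pass

    def identify(self, nonce, finger):
        return self.claimed_id, b""       # no session secret, so no real MAC


class Host:
    def __init__(self, session_secret, require_sdcp=True):
        self.secret = session_secret
        self.require_sdcp = require_sdcp
        self.enrolled = set()

    def enroll(self, sensor, finger):
        template_id = secrets.token_bytes(16)   # SDCP: the host picks the id
        sensor.enroll_sdcp(finger, template_id)
        self.enrolled.add(template_id)
        return template_id

    def logon(self, sensor, finger, bus=lambda packet: packet):
        """bus() models the USB link; an interposer rewrites what passes through it."""
        sensor.configure(bus(WINDOWS_DB))
        nonce = secrets.token_bytes(32)
        reply = sensor.identify(nonce, finger)
        if reply is None:
            return False
        template_id, mac = reply
        if self.require_sdcp and not hmac.compare_digest(
                mac, identify_mac(self.secret, nonce, template_id)):
            return False
        return template_id in self.enrolled


VICTIM, ATTACKER = b"victim-finger", b"attacker-finger"   # constructed inputs


def goodix_style(sdcp_only=False):
    """(victim logon, attacker logon, attacker logon through an interposer)."""
    secret = secrets.token_bytes(32)
    sensor, host = Sensor(secret, sdcp_only), Host(secret)
    host.enroll(sensor, VICTIM)
    # Booted into Linux: enroll the attacker's finger under the victim's id
    victim_id = sensor.list_ids(WINDOWS_DB)[0]
    sensor.enroll_legacy(ATTACKER, victim_id)
    # Back on Windows with a USB interposer flipping the store selector
    interposer = lambda packet: LINUX_DB if packet == WINDOWS_DB else packet
    return (host.logon(sensor, VICTIM),
            host.logon(sensor, ATTACKER),
            host.logon(sensor, ATTACKER, bus=interposer))


def elan_style():
    """A host that never required SDCP accepts any device claiming a known id."""
    secret = secrets.token_bytes(32)
    host = Host(secret, require_sdcp=False)
    victim_id = host.enroll(Sensor(secret), VICTIM)   # id readable from cleartext USB
    return host.logon(RogueDevice(victim_id), ATTACKER)


if __name__ == "__main__":
    print(goodix_style(), goodix_style(sdcp_only=True), elan_style())
```

`goodix_style()` returns `(True, False, True)`: the victim logs on, the attacker's finger is rejected when the Windows store is queried, and the same finger is accepted once the interposer points the sensor at the Linux store, because the MAC is over an ID the sensor genuinely holds and the host never learns which store produced it. With `sdcp_only=True` the sensor refuses to match any template that was not enrolled inside an SDCP session, one way (chosen for this model, not taken from the vendors' fixes) of closing the hole, and the call returns `(True, False, False)`. `elan_style()` returns `True` because a host that never required SDCP has nothing to verify beyond the claimed ID.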
## Exploitation
- **Status**: PoC available (demonstrated by Blackwing Intelligence).
- **Complexity**: Medium to High (Requires custom USB hardware/drivers and reverse engineering of proprietary protocols).
- **Attack Vector**: Physical (Requires access to the USB bus, typically via a malicious peripheral or Interposer).
## Impact
- **Confidentiality**: High (Full access to the device data upon login).
- **Integrity**: High (Ability to modify system settings/files as the logged-in user).
- **Availability**: High (Full control over the user session).
## Remediation
### Patches
- Users should ensure all Windows Updates and OEM-specific firmware updates (via Dell Command Update, Lenovo Vantage, etc.) are applied.
- Manufacturers are advised to correctly implement and enable **Secure Device Connection Protocol (SDCP)**.
### Workarounds
- Disable Fingerprint authentication in Windows Hello settings and rely on strong Passwords or PINs.
- Where the sensor is an external peripheral (for example a Type Cover), disable USB port access in BIOS/UEFI for untrusted environments; for sensors wired internally over USB this does not help, since the interposer sits inside the chassis.
## Detection
- **Indicators of compromise**: Unusual USB devices appearing in device manager; presence of hardware interposers between the laptop chassis and the fingerprint sensor (internal).
- **Detection methods**: Difficult to detect via software as the exploits mimic valid hardware interactions. Forensic analysis of Windows Hello logs may show unusual enrollment/authentication patterns.
## References
- Blackwing Intelligence Blog: hxxps[://]blackwinghq[.]com/blog/posts/a-touch-of-pwn-part-i/
- Microsoft BlueHat Presentation: hxxps[://]www[.]youtube[.]com/watch?v=gjvu-l6vKFE
- SDCP Specification: hxxps[://]github[.]com/microsoft/SecureDeviceConnectionProtocol