Windows is equipped with a security feature called “Windows Hello” that lets you log in using your fingerprint or facial recognition. However, an attack method that allows Windows Hello fingerprint authentication to be compromised using someone else’s fingerprint has been developed by a security research institute.Blackwing Intelligence“It was discovered by.
A Touch of Pwn – Part 1
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
There are two methods of fingerprint authentication on computers: the “match on host” method, which authenticates by accessing the storage and processor used by the operating system, and the “match on host” method, which authenticates using independent storage and processor for fingerprint authentication, There are two types of “on-chip” methods. On-chip matching is said to have stronger security than on-chip matching, and Microsoft has developed a toolNecessary conditionsWe require that an on-chip conformity authentication system be installed.
However, the on-chip matching method involves a “malicious fingerprint sensor masquerading as a legitimate fingerprint sensor and sending a signal that ‘authentication is complete’ to the system”, a ‘malicious fingerprint sensor impersonating a legitimate fingerprint’ sensor, and sending a signal that ‘authentication is complete’ Authentication” to the system. There is no function to prevent attacks such as “sending signals”. Therefore, Microsoft has developed a security protocol that ensures that the fingerprint sensor is authentic and that authentication is performed by the user himself.Secure Device Communication Protocol (SDCP)“It is being developed.
In order to demonstrate Blackwing Intelligence’s ability to crack fingerprint authentication protected by on-chip matching and SDCP, we set up three models: Dell Inspiron 15, Lenovo Thinkpad, and Microsoft Surface Pro “And I tried to hack the fingerprint authentication. I did that. As a result, the Dell Inspiron 15 successfully cracked the fingerprint authentication even though it was protected by SDCP. Furthermore, it was revealed that the ‘Microsoft Surface Pro’ nextPlay approximately 30 minutes and 58 secondsNext, you can see how fingerprint authentication is broken in Windows Hell with the fingerprint of someone who is not registered as a user.
BlueHat Oct 23 S02: A Touch of Pwn: Attacking Windows Hello Fingerprint Authentication – YouTube
The attack method discovered this time requires “installing Linux on the target device.” For this reason, foreign media outlet XDA Developers said: “The probability of carrying out an attack is very low.”Pointing outa job. Additionally, XDA Developers suggests users concerned about attacks disable Windows Hello.
Copy the title and URL of this article
·Related articles
It turns out that ‘Windows Hello’ facial authentication can be cracked through infrared images – GIGAZINE
It turns out that Windows 10’s facial recognition function can be fooled by low-resolution color copies of infrared images – GIGAZINE
Apple’s facial recognition technology could be overcome by simply sticking tape to glasses, researchers point to ‘Achilles’ heel of biometric authentication’
It’s very easy to crack Samsung’s Galaxy S8 iris authentication – GIGAZINE
Hack smartphone fingerprint authentication through fingerprint printed using inkjet printer – GIGAZINE
In Security, Posted by log1o_hf
You can read the article in English with machine translation here.
“Travel maven. Beer expert. Subtly charming alcohol fan. Internet junkie. Avid bacon scholar.”
More Stories
The oldest evidence in the history of research on terrestrial magnetism has been discovered dating back 3.7 billion years; Its power is comparable to the position of the sorae portal that exists today in the universe
Used Surface Laptop Studio with Core i5-11300H starts on sale at 90,000 yen[المبيعات عبر الإنترنت أيضًا]
The Snipping Tool supports inserting emojis and discovering and reading QR codes. The measuring stick is back – Window Jungle