Fingerprint Scanner Type Cover for Surface Pro 8 has hardly any security
The Microsoft Type Cover with Fingerprint ID for the Surface Pro 8 offers hardly any protection against bypassing its fingerprint scanner. This is what security researchers claim after research commissioned by Microsoft itself.
Microsoft Surface Pro Type Cover with Fingerprint ID
The Type Cover does not authenticate its fingerprint sensor to the host and does not use SDCP (Secure Device Connection Protocol), the protocol Microsoft developed so that a host can log a user in securely through a biometric sensor, researchers Jesse D'Aguanno and Timo Teräs conclude. In addition, it sends its data in cleartext over USB. Because Windows identifies the Type Cover only by its USB product ID (PID), the fingerprint scanner can be spoofed by plugging in a USB device that presents the same PID: Windows then treats it as a Type Cover, and the device can simply report that the fingerprint matched an enrolled user.
The Surface Type Cover has a sensor from ELAN and turned out to be the easiest to bypass. A Dell Inspiron 15 with a Goodix sensor was also found to have sloppy code, although that one was harder to circumvent. The sensor keeps separate fingerprint databases for Windows and Linux, and under Linux enrollment is not protected the way it is under Windows. The researchers first booted Linux and enrolled the attacker's fingerprint with the same template ID as the target's Windows account. They then inserted a man-in-the-middle device on the internal USB connection between the sensor and the host, replacing it with an external USB link they controlled. Through the MITM, the Windows host's match request was redirected to the Linux database; the sensor reported a match with the expected ID, and Windows authenticated the attacker as the legitimate user.
The Lenovo ThinkPad T14 has a Synaptics sensor with its own TLS implementation to secure the transmission of data over USB. That encryption turned out to be keyed on the laptop's serial number and product name, both of which an attacker with the device in hand can read. After breaking the encryption, it was possible to enroll the attacker's fingerprint under the template ID of the actual user, after which Windows Hello let the attacker in without any problems.
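All three findings above come down to the same host-side question: what does the host require before it believes a "fingerprint matched" message coming over USB? The following simulation is an added example, not code from the researchers, Microsoft or any vendor, and it models the three situations in deliberately simplified form: a host that trusts an unauthenticated match (the Type Cover and, via database redirection, the Goodix case), a host whose message authentication key is derived from public identifiers such as the serial number and product name (the Synaptics case), and a host that requires an authenticator under a secret shared only with the genuine sensor during pairing plus a fresh per-login nonce (the idea behind SDCP; the real protocol uses signatures and a more elaborate key hierarchy, which is not reproduced here). The serial number, product name and template ID are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample identifiers for the simulation (not real device data).
DEVICE_SERIAL = "PF3ABC12"
PRODUCT_NAME = "EXAMPLE-T14"
ENROLLED_TEMPLATE_ID = 7          # template ID of the legitimate user
PAIRED_SECRET = os.urandom(32)    # secret provisioned into sensor and host at pairing time


def make_match_msg(template_id, nonce=b"", key=None):
    """Build a 'match succeeded' message as a sensor would send it over USB.

    With key=None the message carries no authenticator (the cleartext case);
    otherwise it carries an HMAC over the host nonce and the message body."""
    body = b"MATCH:" + str(template_id).encode()
    if key is None:
        return body, b""
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return body, tag


def host_accepts_cleartext(body, enrolled):
    """Policy 1: trust any MATCH that names an enrolled template ID."""
    return body.startswith(b"MATCH:") and int(body[6:]) in enrolled


def public_id_key(serial, product):
    """Policy 2: key material derived from identifiers printed on the device."""
    return hashlib.sha256((serial + product).encode()).digest()


def host_accepts_hmac(body, tag, nonce, enrolled, key):
    """Policies 2 and 3: accept only if the tag verifies under `key` for this nonce."""
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag) and int(body[6:]) in enrolled


def run_simulation():
    """Play an attacker with USB bus access against the three host policies."""
    enrolled = {ENROLLED_TEMPLATE_ID}
    nonce = os.urandom(16)           # fresh challenge issued by the host for this login
    results = {}

    # Policy 1: any device on the bus can claim a match for an enrolled ID.
    body, _ = make_match_msg(ENROLLED_TEMPLATE_ID)
    results["cleartext_forged"] = host_accepts_cleartext(body, enrolled)

    # Policy 2: the attacker reads serial + product name off the device and
    # derives the same key the host uses, so the forged tag verifies.
    weak_key = public_id_key(DEVICE_SERIAL, PRODUCT_NAME)
    body, tag = make_match_msg(ENROLLED_TEMPLATE_ID, nonce, weak_key)
    results["public_id_key_forged"] = host_accepts_hmac(body, tag, nonce, enrolled, weak_key)

    # Policy 3: without the paired secret the attacker's best effort (a tag under
    # the derived key) does not verify.
    results["paired_secret_forged"] = host_accepts_hmac(body, tag, nonce, enrolled, PAIRED_SECRET)

    # The genuine sensor holding the paired secret is accepted ...
    body, tag = make_match_msg(ENROLLED_TEMPLATE_ID, nonce, PAIRED_SECRET)
    results["paired_secret_genuine"] = host_accepts_hmac(body, tag, nonce, enrolled, PAIRED_SECRET)

    # ... but a captured genuine message replayed under a new nonce is not.
    results["paired_secret_replayed"] = host_accepts_hmac(
        body, tag, os.urandom(16), enrolled, PAIRED_SECRET)
    return results


if __name__ == "__main__":
    for name, accepted in run_simulation().items():
        print(f"{name:24s} accepted={accepted}")
```

The point of the third policy is that neither the PID, nor a matching template ID, nor knowledge of everything printed on the chassis is enough: the authenticator can only be produced by a party holding a secret that never leaves the genuine sensor, and the nonce stops a recorded success from being replayed.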
All of the attacks require physical access to the device and additional hardware, so they are not critical vulnerabilities that are easy to exploit. The risk for home users of these laptops therefore seems relatively low.