Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say
LAS VEGAS - Windows Hello, the biometric user-authentication system in Microsoft Windows 10, can be bypassed using a single infrared image of the user's face, served from a tampered clone of an external USB webcam.
According to research disclosed here at Black Hat USA 2021, the flaw still allows attackers - in some scenarios - to bypass Windows Hello and Windows Hello for Business, used for single-sign-on access to a user's computer and a host of Windows services and associated data.
Giving a nod to previous research by Benjamin Delpy and Dirk-Jan Mollema on tokens and encryption keys in the Windows ecosystem, Tsarfati said his attack also sidesteps the need to acquire the Azure AD Primary Refresh Tokens used for single sign-on to Windows.
Using tools to capture the USB Request Block (URB) packets that the targeted PC exchanges with the camera to carry out and validate Windows Hello authentication, the researchers were able to clone a USB camera on an NXP circuit board fitted with IR and RGB sensors.
"Microsoft did release a fix that restricts the number of camera brands it supports with Windows Hello and restricts external cameras, unless a user permits," he said.
Microsoft responded to the CyberArk research, explaining that its July Patch Tuesday mitigation includes an allow list of USB devices trusted for use during the Windows Hello authentication phase.
News URL
https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/