Well, balls. How do you check if you're using ESS?
German security researchers say 'Windows Hell No' to Microsoft biometrics for biz
Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system, but researchers sponsored by the German government have found a critical flaw in its business implementation. In a presentation at the Black Hat conference in Las Vegas, Dr Baptiste David and Tillmann Osswald from …
COMMENTS
Friday 8th August 2025 02:53 GMT FILE_ID.DIZ
Using Sysinternal's CoreInfo tool and a webpage from 2011 (yes, apparently 14 years ago if the date is trustworthy), you can check if your computer meets the requirements.
https://www.howtogeek.com/73318/how-to-check-if-your-cpu-supports-second-level-address-translation-slat/
Note: Do execute the correct bitness version of coreinfo.exe. Running the 32-bit version on a 64-bit OS fails to work.
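To make the check described above repeatable, here is an added PowerShell script (not from the article, the commenter or the linked guide) that runs Coreinfo for the SLAT line and reads the Win32_DeviceGuard CIM class for the state of virtualization-based security, which ESS depends on; the path to coreinfo64.exe is an assumption.

```powershell
# Added example, not from the article or the commenter. Assumes the 64-bit
# Sysinternals build coreinfo64.exe; adjust $CoreinfoPath if it lives elsewhere.
param(
    [string]$CoreinfoPath = ".\coreinfo64.exe"   # assumption: 64-bit build on a 64-bit OS
)

function Test-SlatSupport {
    param([string]$Path)
    # "coreinfo -v" lists virtualisation features; -accepteula suppresses the licence prompt.
    $lines = & $Path -accepteula -v 2>$null
    # Intel reports EPT and AMD reports nested paging; both lines mention "(SLAT)"
    # and carry "*" when supported, "-" when not.
    $slat = $lines | Where-Object { $_ -match 'SLAT' }
    return [bool]($slat | Where-Object { $_ -match '^\s*\S+\s+\*' })
}

function Get-VbsStatus {
    # Win32_DeviceGuard reports whether virtualization-based security is configured and running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0 { 'not enabled' }
        1 { 'enabled, not running' }
        2 { 'running' }
        default { 'unknown' }
    }
    [pscustomobject]@{
        VbsStatus              = $vbs
        # AvailableSecurityProperties: 1 = hypervisor support, 2 = Secure Boot
        HypervisorSupported    = $dg.AvailableSecurityProperties -contains 1
        SecureBootAvailable    = $dg.AvailableSecurityProperties -contains 2
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
        CredentialGuardRunning = $dg.SecurityServicesRunning -contains 1
        HvciRunning            = $dg.SecurityServicesRunning -contains 2
    }
}

if (Test-Path $CoreinfoPath) {
    "SLAT supported by CPU: $(Test-SlatSupport -Path $CoreinfoPath)"
} else {
    "coreinfo not found at $CoreinfoPath; skipping CPU check"
}
Get-VbsStatus | Format-List
```

A CPU without SLAT or a VbsStatus other than "running" means the machine cannot be running ESS, whatever the Hello settings page shows.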
Friday 8th August 2025 15:04 GMT The man with a spanner
Good job, but...
Good spot and kudos to the researchers and the German government for sponsoring the research.
Unfortunately, in other news, Palantir are helping German police with combining access to their software.
https://www.dw.com/en/german-police-expands-use-of-palantir-surveillance-software/a-73497117
This all looks like it is going to end in a very dark place now we have the tool of oppression readily available and functional to a level that the Stasi could only dream about.
Sorry to be a black and gloomy cloud.
Friday 8th August 2025 15:07 GMT Marty McFly
Double edge sword
As my cybersecurity career is winding down and an exit visa is increasingly imminent, I have to reflect honestly on the past three decades....
- Why the hell are we still trusting Microsoft with anything security related? They never get it right.
- Selling extended support for "Security Updates" has become a revenue stream for them.
- Not much incentive to do it right if they can charge money to fix it later.
- And finally... Damn, I have made a lot of money over those years selling products and services to secure the Windows platform.
Thursday 7th August 2025 23:19 GMT Ishura
> a local admin, or someone who has access to their credentials via malware or other means, can inject biometric information into a computer that would allow it to recognize any face or fingerprint
This sounds suspiciously like "a local administrator can administer the local machine". What am I missing? What's the actual flaw here?
Friday 8th August 2025 04:31 GMT Joe W
Good question, thought about that as well:
As far as I understand that: the local admin should not be able to do things that influence how you authenticate against Active Directory. Yes, local admin can local admin, and if you pwn the local admin account you have more problems coming up. But this basically lets an attacker move to other systems via AD using the AD account of another user. The local admin is (usually) only authenticated at the local machine not for the whole AD. (I'd argue if the local admin account can do stuff on other systems it is not a local admin account - at least those are the distinctions at $(myworkplace) ).
Friday 8th August 2025 13:20 GMT SVD_NL
Great answer.
In addition to that, this would bypass other restrictions you can enable in Windows. For example, Personal Data Encryption (PDE) uses Windows Hello to encrypt files, which means even local admins cannot access them.
Also relevant suggestion: harden your CA policies in Entra. For admin portals I prefer requiring a compliant device and excluding WHfB as an auth method (bonus points for short session times). This isn't user-friendly, but requires breaching both a device (without malware detections if set up properly) and a separate 2FA method.
Saturday 9th August 2025 19:33 GMT ecofeco
Because it only takes one lucky hit of an admin local account that has the same access to AD/Azure/Entra/InTune to ruin everyone's day.
And those exist far more than most people think.
Not to mention M$'s never-ending vulnerabilities that either weren't patched by users yet, or ones we don't yet know about.
While I'm not a security pro, I HAVE looked over CISSP, CND, and CompTIA material as it's adjacent to my field and the vulnerabilities are... goddamn unbelievable.
Sleep well!
Friday 8th August 2025 10:12 GMT GNU Enjoyer
Re: Listen when Nancy Reagan tells you to 'just say no', kids.
No - rather listen to saint iGNUcius when he suggests you say no even once.
No to proprietary drugs even once. No to biometrics even once. No to proprietary software and SaaSS even once (LLMs).
Say no to passwords for public systems.
For private computers, use authentication methods that can be reset once leaked like passwords.
Say no to Windows even once - using an LTSC version is of no meaningful difference and means never saying no to Windows.
Sunday 10th August 2025 17:49 GMT LVPC
Re: Listen when Nancy Reagan tells you to 'just say no', kids.
>> No to proprietary drugs even once.
That is one hill only a fool (like St iGNutius) would choose to die on. And he's certainly free to do so. Patents eventually expire. In the meantime, best to stay alive until the drug you depend on is available as a generic.
Friday 8th August 2025 10:13 GMT GNU Enjoyer
Biometrics are inherently flawed
Even if you have a perfect reader that cannot be exploited or tricked, everyone who has ever been attacked with regular biometric scans, or is visible in public photos of decent resolution has had their biometrics leaked.
Once your biometrics have been leaked, you cannot reset them (while it's trivial to reset a password).
Fingerprints seem to be the only biometrics that can be partially reset, but that is a quite invasive surgery that leaves extensive scarring; https://www.theregister.com/2009/12/08/fingerprint_surgery/ (it seems you can only swap the fingerprints around - if you attempt to burn your fingerprints off with acid while leaving the rest of your fingers intact, you'll find them eventually growing back).
Friday 8th August 2025 14:13 GMT Nick Ryan
Re: Biometrics are inherently flawed
It's the usual broken-by-design security from Microsoft.
Face ID and similar do not replace the secret component in security, no matter what sci-fi series you want it to be like. They are identifiers and should never replace the secret component in authentication. This makes them good as a replacement for the user ID side of things, it makes them a good additional component in addition to a password, but they make an appalling and backwards step when replacing a password.
Sunday 10th August 2025 17:10 GMT Paul Hovnanian
Re: Biometrics are inherently flawed
Biometrics are OK if used as the "user ID" part of authentication. But you'll still need to enter that (resettable) password or token.
That picture of my surly mug just demonstrates to the system that, "Yes. It still is me sitting at the keyboard." Should that change, I'll be prompted for the password of the new chair's occupant.
Saturday 9th August 2025 06:32 GMT MachDiamond
One standard to rule them all
If M$ wraps this tech in an easy to use shell, everybody will find it easy to implement. This means that whatever biometric is harvested will be harvested and coded in the same way so systems everywhere will know who you are. It becomes the same as somebody using the same password for everything so if you know their password for InstaPintaTwitFace, you know their password for their retirement account at the bank.