Thursday, 26 March 2026

Black Hat USA 2025 | Windows Hell No for Business

Windows Hello is the flagship of Microsoft's passwordless strategy. It is used to authenticate users not just at login but also in newer features such as Personal Data Encryption, Administrator Protection, Passkeys, and Recall. Windows Hello lets a user authenticate without a password, using a PIN or biometrics (a fingerprint or face recognition). Windows Hello for Business (WHfB) extends these capabilities to enable authentication against an Identity Provider such as Entra ID or Active Directory. Windows Hello can also be configured to run in Enhanced Sign-in Security (ESS) mode. Using Virtualization-based Security (VBS), this mode is supposed to isolate the identification procedure, preventing attacks even from administrators.

This talk provides the most comprehensive overview of WHfB's internal mechanisms so far, discussing WHfB's big and little secrets, lifted by reverse engineering. We follow the journey of biometrics through the system, from capture to identification. This allows us to answer many questions: Where are biometric data stored? What is the role of the so-called indispensable TPM? What is ESS and what security does it really provide? What is transmitted to the Identity Provider when no password is involved? Particular focus will be put on the internals of the databases used for facial recognition.

One might think that using biometrics to identify a user would be secure, and potentially protected via the TPM, but this is not the case. In fact, it is quite the opposite! We will present a new attack that targets the storage subsystem of the biometric unit. We will show how the biometric templates are "encrypted" and how a local administrator can exchange biometric features in the database. This allows authentication as any user already enrolled on the targeted system, including the possibility of lateral movement by usurping a domain administrator. Smile, you are on camera, and you are authenticated as someone else.

Finally, we will discuss possible remediations to use WHfB in a more secure context.

By: Baptiste David, IT Security Specialist, ERNW Enno Rey Netzwerke GmbH; Tillmann Oßwald, Security Researcher, ERNW Enno Rey Netzwerke GmbH

Presentation materials available at: https://ift.tt/4PjbmfK
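The abstract's claims hinge on three things a defender can check locally: whether VBS (the basis for ESS) is actually running, whether the ESS-with-peripherals policy is set, and who holds write access to the biometric template store that the described template swap targets. The script below is an added example written for this page, not code from the speakers or their materials, and it does not reproduce the attack. The registry path, value name and the `WinBioDatabase` location are assumptions taken from Microsoft's public documentation and should be verified against the build you run it on. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not part of the talk or its materials): a local audit of the controls
# the abstract puts in question. Registry and file-system paths are assumptions to
# verify against the documentation for your Windows build.

# 1. Is virtualization-based security running? ESS depends on VBS, so a device where
#    VBS is not running cannot be in ESS mode regardless of policy.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
[pscustomobject]@{
    VbsStatus               = $dg.VirtualizationBasedSecurityStatus   # 0 = off, 1 = enabled not running, 2 = running
    SecurityServicesRunning = ($dg.SecurityServicesRunning -join ',') # 1 = Credential Guard, 2 = HVCI
}

# 2. The ESS-with-peripherals policy value (assumed key and value name).
$essKey = 'HKLM:\SOFTWARE\Microsoft\Policies\PassportForWork\Biometrics'
$ess = Get-ItemProperty -Path $essKey -Name 'EnableESSwithSupportedPeripherals' -ErrorAction SilentlyContinue
'ESS-with-peripherals policy: ' + $(if ($null -eq $ess) { 'not set' } else { $ess.EnableESSwithSupportedPeripherals })

# 3. Who can write the biometric template store? The Windows Biometric Framework keeps
#    its database files under System32\WinBioDatabase (assumed location). Any principal
#    with write access here can tamper with templates; a local admin can of course grant
#    itself access, which is exactly the talk's point, so the ACL is a detection aid, not
#    a control.
$dbPath = Join-Path $env:SystemRoot 'System32\WinBioDatabase'
if (Test-Path $dbPath) {
    Get-ChildItem -Path $dbPath -File -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTime
    (Get-Acl -Path $dbPath).Access |
        Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
} else {
    "No biometric database directory at $dbPath (no biometric enrolments, or a different layout on this build)."
}
```

The useful signal is the combination: a device that reports `VbsStatus` 2 and the policy set to 1 is at least eligible for ESS, whereas a device with VBS off is running Windows Hello in its plain mode, where the abstract's administrator-level template swap applies without further obstacles. Recent `LastWriteTime` values on database files outside of known enrolment events are worth correlating with the local security log.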

source https://www.youtube.com/watch?v=SkWZ5KcelD4
