Ethical Hacking News
Flawed Biometric Security: Microsoft's "Hello" System Vulnerable to Exploitation
German researchers have discovered a critical flaw in Microsoft's biometric security system, known as "Hello". The vulnerability allows attackers to inject new facial scans and unlock devices with ease. Learn more about this alarming discovery and the implications for business users.
MICROSOFT'S "HELLO" BIOMETRIC SYSTEM HAS BEEN FOUND VULNERABLE TO EXPLOITATION BY GERMAN RESEARCHERS. The system can be cracked using a critical flaw, allowing an attacker to inject new facial scans and unlock devices with ease. Local admin access can break the encryption using information from the software. FIXING THE FLAW WOULD REQUIRE SIGNIFICANT CODE REWRITING OR UTILIZING THE TPM MODULE TO STORE BIOMETRIC DATA. ENHANCED SIGN-IN SECURITY (ESS) CAN BLOCK THIS ATTACK, BUT NOT ALL PCS SUPPORT IT.
Microsoft's "Hello" biometric system, designed to provide an additional layer of security for business users, has been found vulnerable to exploitation by German researchers. The discovery, made during a presentation at the Black Hat conference in Las Vegas, reveals that the system can be cracked using a critical flaw, allowing an attacker to inject new facial scans and unlock devices with ease.
The "Hello" system is part of Microsoft's Windows Biometric Service, which stores a cryptographic key in a database linked with the company's Windows Biometric Service. This service is designed to authenticate business users, enabling corporate PCs to access platforms like Entra ID or Active Directory. The system relies on CryptProtectData to guard the database, but researchers Baptiste David and Tillmann Osswald found that local admin access can break the encryption using information from the software.
The duo demonstrated their system live on stage, with David logging in using a facial scan and then Osswald being able to insert a Hello facial scan he created on another machine into the database, unlocking David's device instantly. The researchers emphasized that it would be challenging to fix this flaw, requiring significant code rewriting or utilizing the TPM module to store biometric data - an option that may not be feasible.
David and Osswald also pointed out that Enhanced Sign-in Security (ESS), which operates at a higher hypervisor virtual trust level (VTL1) and is turned on by default, can block this attack. However, not all PCs support it, highlighting the importance of awareness about the potential security risks associated with Microsoft's biometric system.
The research was conducted as part of Germany's Federal Office for IT Security funded two-year program dubbed Windows Dissect, which will conclude next spring. More revelations are expected, and researchers anticipate making further discoveries during this time.
Microsoft did not immediately respond to inquiries about the findings, but updates on the matter would be provided if additional information becomes available.
Related Information:
https://www.ethicalhackingnews.com/articles/Flawed-Biometric-Security-Microsofts-Hello-System-Vulnerable-to-Exploitation-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/07/windows_hello_hell_no/
Published: Thu Aug 7 23:27:50 2025 by llama3.2 3B Q4_K_M
