Post Ac5nmsdV64VOBx0A4G by dickon@splodge.fluff.org
(DIR) Post #Ac4z3C9bCdz9hD2OES by mjg59@nondeterministic.computer
2023-11-22T23:03:45Z
0 likes, 2 repeats
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/ is some very nice research, with some terrifying takeaways:
1) Microsoft developed a secure communications path between the OS and any biometric devices
2) One vendor used the same backing store for both the secure and insecure path, allowing enrollment of fingerprints via the insecure path that were then trusted in the secure path
3) Another vendor used their own fucked up TLS-based implementation rather than the Microsoft one
4) *Microsoft* didn't use their own protocol
(DIR) Post #Ac4zWnursl7ZDCGYAi by starchturrets@mastodon.social
2023-11-22T23:08:30Z
0 likes, 0 repeats
@mjg59 Should I disable biometrics/windows hello entirely? :/
(DIR) Post #Ac50YXvuNWA8Ar9BT6 by hllizi@hespere.de
2023-11-22T23:20:30Z
0 likes, 0 repeats
@mjg59 this sounds like something only Microsoft could possibly accomplish
(DIR) Post #Ac50wV5UbpBqIc3J4q by mjg59@nondeterministic.computer
2023-11-22T23:25:15Z
0 likes, 0 repeats
@starchturrets Depends on your threat model and also whether your vendor has fucked things up, which is approximately impossible to determine in advance
(DIR) Post #Ac519ETBhlxCWaCs3E by vbatts@fosstodon.org
2023-11-22T23:25:25Z
0 likes, 0 repeats
@mjg59 Conway's law. It was likely two different teams within MSFT.
(DIR) Post #Ac51JoSqjVT13V5rbE by mjg59@nondeterministic.computer
2023-11-22T23:25:50Z
0 likes, 0 repeats
@vbatts Oh yes 100% - this is down to the Surface hardware people
(DIR) Post #Ac52S0FssWyhtYUxbE by mesebrec@ubuntu.social
2023-11-22T23:42:00Z
0 likes, 0 repeats
@mjg59 @kenvandine was someone from your team working on the Linux side of this?
(DIR) Post #Ac52ml6qNxSZ0DAPgm by RainofTerra@terra.incognita.net
2023-11-22T23:45:38Z
0 likes, 0 repeats
@mjg59 #4 is my favorite because it’s exactly what I would expect
(DIR) Post #Ac53YzdVg6C9xNRiim by penguin42@mastodon.org.uk
2023-11-22T23:56:04Z
0 likes, 0 repeats
@mjg59 (4) is in a removable case isn't it? I'm not sure how the whole idea of a removable case verifying the fingerprint itself makes any sense.
(DIR) Post #Ac53ssmKssskTo3gA4 by mjg59@nondeterministic.computer
2023-11-22T23:59:38Z
0 likes, 0 repeats
@penguin42 Why not? The entire point of this is for the OS to be able to generate trust in a specific biometric device and then reject any responses from other devices
(DIR) Post #Ac54GdQzaM2XqAOvtg by mjg59@nondeterministic.computer
2023-11-23T00:02:31Z
0 likes, 0 repeats
Also, various places are spinning this as a Windows security issue - it's worth noting that you don't need to jump through *any* of these hoops to compromise any Linux devices using fprint. Many (most?) Windows devices using biometrics don't appear to live up to the expected standards and that's certainly a failure, but Windows gives vendors everything they need to do this securely
(DIR) Post #Ac54SXtC1n6Y7LGsJU by penguin42@mastodon.org.uk
2023-11-23T00:06:06Z
0 likes, 0 repeats
@mjg59 Hmm true, but it didn't feel like it was that symmetric; what was supposed to happen if the same user registered the same cover with two tablets; what is even the user's expectation of whether they can swap covers around?
(DIR) Post #Ac54TXvpM63EXSyr1k by mjg59@nondeterministic.computer
2023-11-23T00:03:58Z
0 likes, 0 repeats
(There's no inherent reason Linux can't implement this spec, except that it doesn't define what actually goes over USB so you still need to figure out how to communicate with the device and I'm not aware of any fingerprint reader vendors who've been willing to document that for implementation under Linux)
(DIR) Post #Ac54ezcuj6n9cPam7U by mjg59@nondeterministic.computer
2023-11-23T00:07:28Z
0 likes, 0 repeats
@penguin42 They'd need to register twice, once with each device. Should work fine, but the trust needs to be established
(DIR) Post #Ac54vyrWoz9kAfWoam by starchturrets@mastodon.social
2023-11-23T00:07:39Z
0 likes, 0 repeats
@mjg59 I've been meaning to move away from TPM only bitlocker anyways (only focused on casual attacks and all that), I think I might just lose biometrics but still keep the windows hello pin for the convenience
(DIR) Post #Ac55NiiSRjtWCcVrFY by leon_p_smith@ioc.exchange
2023-11-23T00:10:01Z
0 likes, 0 repeats
@mjg59 @starchturrets Yeah I was hoping to be able to use my fingerprint reader on my linux laptop, but after looking into it, I pretty much concluded that you literally have to get somewhat lucky for that to even be reasonably possible at the moment.
(DIR) Post #Ac55jwJGaOWkjXKCIa by penguin42@mastodon.org.uk
2023-11-23T00:20:26Z
0 likes, 0 repeats
@mjg59 Ah OK, yeh.
(DIR) Post #Ac562Mk13MTrvCcgXg by mjg59@nondeterministic.computer
2023-11-23T00:22:27Z
0 likes, 0 repeats
@leon_p_smith @starchturrets There's plenty of supported devices, but the real question is whether it's actually secure
(DIR) Post #Ac571rvthKbQKEVVwG by starchturrets@mastodon.social
2023-11-23T00:33:25Z
0 likes, 0 repeats
@mjg59 @leon_p_smith If Microsoft's own device doesn't implement it properly, as well as two of the big three (Lenovo and Dell), what hope does my consumer notebook HP have 😭
(DIR) Post #Ac57CDYMAXEmH8QmNU by mjg59@nondeterministic.computer
2023-11-23T00:33:54Z
0 likes, 0 repeats
@starchturrets @leon_p_smith Right? And it's basically impossible for an end-user to figure that out.
(DIR) Post #Ac5DBzicClLl5qVRVg by whynothugo@fosstodon.org
2023-11-23T01:42:31Z
0 likes, 0 repeats
@mjg59 This was a very entertaining and educational read, thanks for sharing.
SDCP actually seems pretty good. The default seems to always trust MS’s CA, which kind of leaves a master key for overriding security... but it’s perfectly feasible for a software implementation to register and pin the device-specific certificate.
(DIR) Post #Ac5nmsdV64VOBx0A4G by dickon@splodge.fluff.org
2023-11-23T08:31:57Z
0 likes, 0 repeats
@mjg59 @starchturrets @leon_p_smith It's actually easy to work that out: it isn't secure.
There *may* be a few edge cases where that is incorrect, but that'll be luck not design.
(DIR) Post #Ac5sffll2KhM1uFKme by mjg59@nondeterministic.computer
2023-11-23T09:27:19Z
0 likes, 0 repeats
@dickon @starchturrets @leon_p_smith The design has been done, it's actually more difficult for them to do it in the insecure way than the secure way
(DIR) Post #Ac61MNkAjL7qD4NgOW by dickon@splodge.fluff.org
2023-11-23T11:03:59Z
0 likes, 0 repeats
@mjg59 @starchturrets @leon_p_smith And there's *still* a very good chance there's an unnecessary scanf("%s") in there that renders the whole thing moot.
Yeah, I know, I'm a cynic. But I've been reading code lately.
(DIR) Post #Ac6MpFKJCaoPXWt8tc by evntdrvn@hachyderm.io
2023-11-23T15:04:19Z
0 likes, 0 repeats
@mjg59 the people at Microsoft who worked hard on those security frameworks must have had a big sad 😔