Ejin Kim and Prof. Choi gave a presentation at CanSecWest 2019, held on March 20-22 in downtown Vancouver, British Columbia, Canada.
A Dive into Windows Hello: Is it Really More Secure than a Password? Slide
We will examine whether the PIN-based login in Windows Hello is more secure than the traditional password-based login. A vulnerable Windows Hello may result in the hijacking of all combined services in Microsoft, such as Office365, Microsoft Store, Dropbox and so on. Specifically, we will focus on extracting Windows Hello credentials stored on the victim’s device and migrating the victim’s credentials to the attacker’s device for impersonation. In the demonstration we will reveal a detailed procedure of the PIN-based login in Windows Hello, including 1) file formats and memory locations related to the login, 2) the secret keys’ locations and the conversions used in encryption and decryption, and 3) a network protocol between a device and Microsoft servers for authenticating credentials.