{"id":726,"date":"2023-11-24T06:58:16","date_gmt":"2023-11-24T06:58:16","guid":{"rendered":"https:\/\/tastycounter.net\/index.php\/2023\/11\/24\/hack-thanh-cong-xac-thuc-van-tay-windows-hello\/"},"modified":"2023-11-24T06:58:16","modified_gmt":"2023-11-24T06:58:16","slug":"hack-thanh-cong-xac-thuc-van-tay-windows-hello","status":"publish","type":"post","link":"https:\/\/tastycounter.net\/index.php\/2023\/11\/24\/hack-thanh-cong-xac-thuc-van-tay-windows-hello\/","title":{"rendered":"Hack th\u00e0nh c\u00f4ng x\u00e1c th\u1ef1c v\u00e2n tay Windows Hello"},"content":{"rendered":"<\/p>\n<div class=\"content-detail textview\">\n<div class=\"audio\"><audio controls><\/audio><\/div>\n<p>M\u1ed9t nh\u00f3m b\u1ea3o m\u1eadt \u0111\u01b0\u1ee3c Microsoft thu\u00ea \u0111\u1ec3 ki\u1ec3m tra t\u1ed5ng quan v\u1ec1 ph\u1ea7n c\u1ee9ng v\u00e0 ph\u1ea7n m\u1ec1m x\u00e1c th\u1ef1c d\u1ea5u v\u00e2n tay Windows Hello m\u1edbi \u0111\u00e2y \u0111\u00e3 chia s\u1ebb th\u00f4ng tin v\u1ec1 vi\u1ec7c h\u1ecd c\u00f3 th\u1ec3 hack th\u00e0nh c\u00f4ng d\u1ecbch v\u1ee5 n\u00e0y tr\u00ean m\u1ed9t s\u1ed1 m\u00e1y t\u00ednh x\u00e1ch tay, bao g\u1ed3m c\u1ea3 c\u00e1c s\u1ea3n ph\u1ea9m Microsoft Surface.<\/p>\n<p>Nh\u00f3m hacker m\u0169 tr\u1eafng n\u00e0y c\u00f3 t\u00ean Blackwing Intelligence, \u0111\u00e3 ti\u1ebft l\u1ed9 nh\u1eefng ph\u00e1t hi\u1ec7n c\u1ee7a m\u00ecnh v\u00e0o th\u00e1ng 10 trong khu\u00f4n kh\u1ed5 h\u1ed9i ngh\u1ecb b\u1ea3o m\u1eadt BlueHat c\u1ee7a Microsoft. Nh\u01b0ng ph\u1ea3i \u0111\u1ebfn b\u00e2y gi\u1edd, th\u00f4ng tin chi ti\u1ebft v\u1ec1 v\u1ea5n \u0111\u1ec1 m\u1edbi \u0111\u01b0\u1ee3c nh\u00f3m chia s\u1ebb \u0111\u1ea7y \u0111\u1ee7.<\/p>\n<p>Trong m\u1ed9t b\u00e0i \u0111\u0103ng tr\u00ean blog c\u00f3 ti\u00eau \u0111\u1ec1 &#8220;A Touch of Pwn&#8221;, Blackwing Intelligence cho bi\u1ebft nh\u00f3m \u0111\u00e3 s\u1eed d\u1ee5ng c\u1ea3m bi\u1ebfn v\u00e2n tay b\u00ean trong m\u00e1y t\u00ednh x\u00e1ch tay Dell Inspiron 15 v\u00e0 Lenovo ThinkPad T14, c\u00f9ng v\u1edbi Microsoft Surface Pro Type Cover v\u1edbi Fingerprint ID \u0111\u01b0\u1ee3c t\u1ea1o cho Surface Surface Pro 8 v\u00e0 X. Nh\u1eefng c\u1ea3m bi\u1ebfn v\u00e2n tay n\u00e0y \u0111\u01b0\u1ee3c s\u1ea3n xu\u1ea5t b\u1edfi Goodix, Synaptics v\u00e0 ELAN.<\/p>\n<p style=\"text-align:center\">\n<p>T\u1ea5t c\u1ea3 c\u00e1c c\u1ea3m bi\u1ebfn v\u00e2n tay h\u1ed7 tr\u1ee3 Windows Hello \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong th\u1eed nghi\u1ec7m \u0111\u1ec1u \u0111\u01b0\u1ee3c t\u00edch h\u1ee3p h\u1ec7 th\u1ed1ng ph\u1ea7n c\u1ee9ng &#8220;match on chip&#8221;, c\u00f3 ngh\u0129a l\u00e0 vi\u1ec7c x\u00e1c th\u1ef1c \u0111\u01b0\u1ee3c x\u1eed l\u00fd tr\u00ean ch\u00ednh c\u1ea3m bi\u1ebfn c\u00f3 b\u1ed9 vi x\u1eed l\u00fd v\u00e0 b\u1ed9 l\u01b0u tr\u1eef ri\u00eang. Blackwing cho bi\u1ebft:<\/p>\n<div id=\"articleads\" class=\"adbox adsense in-article\"><ins class=\"adsbygoogle\" style=\"text-align:center\" data-ad-format=\"fluid\" data-ad-layout=\"in-article\" data-ad-client=\"ca-pub-9275417305531302\" data-ad-slot=\"2079243249\"><\/ins><\/div>\n<blockquote>\n<p>C\u01a1 s\u1edf d\u1eef li\u1ec7u v\u1ec1 \u201cm\u1eabu v\u00e2n tay\u201d (d\u1eef li\u1ec7u sinh tr\u1eafc h\u1ecdc m\u00e0 c\u1ea3m bi\u1ebfn v\u00e2n tay thu \u0111\u01b0\u1ee3c) \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef tr\u00ean chip, vi\u1ec7c \u0111\u0103ng k\u00fd v\u00e0 so kh\u1edbp \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n tr\u1ef1c ti\u1ebfp trong chip. V\u00ec c\u00e1c m\u1eabu d\u1ea5u v\u00e2n tay kh\u00f4ng bao gi\u1edd r\u1eddi kh\u1ecfi chip n\u00ean \u0111i\u1ec1u n\u00e0y gi\u00fap lo\u1ea1i b\u1ecf nh\u1eefng lo ng\u1ea1i v\u1ec1 quy\u1ec1n ri\u00eang t\u01b0 khi d\u1eef li\u1ec7u sinh tr\u1eafc h\u1ecdc \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef v\u00e0 c\u00f3 kh\u1ea3 n\u0103ng b\u1ecb l\u1ea5y ra kh\u1ecfi m\u00e1y ch\u1ee7 \u2014 ngay c\u1ea3 khi m\u00e1y ch\u1ee7 b\u1ecb x\u00e2m ph\u1ea1m. C\u00e1ch ti\u1ebfp c\u1eadn n\u00e0y c\u0169ng ng\u0103n ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng ch\u1ec9 li\u00ean quan \u0111\u1ebfn vi\u1ec7c g\u1eedi h\u00ecnh \u1ea3nh d\u1ea5u v\u00e2n tay h\u1ee3p l\u1ec7 \u0111\u1ebfn m\u00e1y ch\u1ee7 \u0111\u1ec3 \u0111\u1ed1i chi\u1ebfu.<\/p>\n<\/blockquote>\n<p>Blackwing \u0111\u00e3 s\u1eed d\u1ee5ng k\u1ef9 thu\u1eadt \u0111\u1ea3o ng\u01b0\u1ee3c \u0111\u1ec3 t\u00ecm ra l\u1ed7 h\u1ed5ng trong c\u1ea3m bi\u1ebfn v\u00e2n tay, v\u00e0 sau \u0111\u00f3 t\u1ea1o ra thi\u1ebft b\u1ecb USB c\u1ee7a ri\u00eang h\u1ecd c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n cu\u1ed9c t\u1ea5n c\u00f4ng trung gian (MitM). \u0110i\u1ec1u n\u00e0y cho ph\u00e9p h\u1ecd b\u1ecf qua ph\u1ea7n c\u1ee9ng x\u00e1c th\u1ef1c d\u1ea5u v\u00e2n tay trong c\u00e1c thi\u1ebft b\u1ecb \u0111\u00f3.<\/p>\n<p>Nh\u00f3m hacker c\u0169ng ch\u1ec9 ra r\u1eb1ng m\u1eb7c d\u00f9 Microsoft s\u1eed d\u1ee5ng Secure Device Connection Protocol (SDCP) &#8220;\u0111\u1ec3 cung c\u1ea5p k\u00eanh k\u1ebft n\u1ed1i an to\u00e0n gi\u1eefa m\u00e1y ch\u1ee7 v\u00e0 thi\u1ebft b\u1ecb sinh tr\u1eafc h\u1ecdc&#8221;, nh\u01b0ng hai trong s\u1ed1 ba c\u1ea3m bi\u1ebfn v\u00e2n tay \u0111\u00e3 \u0111\u01b0\u1ee3c th\u1eed nghi\u1ec7m th\u1eadm ch\u00ed kh\u00f4ng b\u1eadt SDCP. Blackwell khuy\u1ebfn ngh\u1ecb t\u1ea5t c\u1ea3 c\u00e1c c\u00f4ng ty c\u1ea3m bi\u1ebfn v\u00e2n tay kh\u00f4ng ch\u1ec9 k\u00edch ho\u1ea1t SDCP tr\u00ean s\u1ea3n ph\u1ea9m c\u1ee7a h\u1ecd m\u00e0 c\u00f2n ph\u1ea3i nh\u1edd c\u00f4ng ty b\u00ean th\u1ee9 ba \u0111\u1ea3m b\u1ea3o r\u1eb1ng giao th\u1ee9c n\u00e0y th\u1ef1c s\u1ef1 ho\u1ea1t \u0111\u1ed9ng.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>M\u1ed9t nh\u00f3m b\u1ea3o m\u1eadt \u0111\u01b0\u1ee3c Microsoft thu\u00ea \u0111\u1ec3 ki\u1ec3m tra t\u1ed5ng quan v\u1ec1 ph\u1ea7n c\u1ee9ng v\u00e0 ph\u1ea7n m\u1ec1m x\u00e1c th\u1ef1c d\u1ea5u v\u00e2n tay Windows Hello m\u1edbi \u0111\u00e2y \u0111\u00e3 chia s\u1ebb th\u00f4ng tin v\u1ec1 vi\u1ec7c h\u1ecd c\u00f3 th\u1ec3 hack th\u00e0nh c\u00f4ng d\u1ecbch v\u1ee5 n\u00e0y tr\u00ean m\u1ed9t s\u1ed1 m\u00e1y t\u00ednh x\u00e1ch tay, bao g\u1ed3m c\u1ea3 c\u00e1c s\u1ea3n [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":727,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-726","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-khong-phan-loai"],"_links":{"self":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/comments?post=726"}],"version-history":[{"count":0,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/726\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/media\/727"}],"wp:attachment":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/media?parent=726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/categories?post=726"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/tags?post=726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}