Windows Hell No for Business
Black Hat USA 2025 · Day 1 · Briefings
Researchers contracted by Germany's Federal Office for IT Security (BSI) conducted an in-depth security analysis of Windows Hello for Business and demonstrated that a local administrator can decrypt the biometric template database, read the facial recognition data of every enrolled user, and inject their own biometrics, thereby authenticating as any enrolled user on the domain. Demonstrated live on stage, the attack is an escalation path from local administrator to domain user, with implications for domain compromise.
AI review
A year-plus of BSI-funded reverse engineering, a 170-page technical report, and a live demo where Till logs in as Baptiste — Windows Hello for Business's biometric database is wide open to any local admin, and this talk proves it cold. The ESS hardware gap is the real punch: most enterprise hardware can't run the one mode that actually works.