Connect with us

Hi, what are you looking for?

Jewish Business News

Business

CyberArk Finds Major Flaw in Windows Windows Hello Facial Recognition

Israeli cybersecurity firm CyberArk has found a serious problem with Windows Hello facial recognition system. CyberArk says that they were able to circumvent the Windows security system by using a picture of the person in question and a USB connected device.

Back in the 1980s all of these security checks that we now take for granted were the thing of sci-fi. In Start Trek II: The Wrath of Kahn, we got to see Captain Kirk authenticate his security clearance with a really fancy retina scan system. Similarly, many James Bond type movies showed security systems which required an ID card in addition to both visual and voice recognition.

Please help us out :
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at [email protected].
Thank you.

Now just think about all of those Mission Impossible movies. Tom Cruise could easily beat any facial recognition system with one of those masks. Scarlett Johansson uses a similar tech in the Marvel movies.

Well such tech is not a reality, at least not yet.

Microsoft promises that Windows Hello is a more “personal, more secure way” to get instant access to your Windows 10 devices using a PIN, facial recognition, or fingerprint. The main feature of Windows Hello is biometric authentication.


CyberArk says that they surmised that the biometric sensor was the weak link in the chain by potentially exposing the system to data manipulation attacks on the target’s device. “The sensor is a device that transmits information on which the OS,” explains CyberArk, “in particular Windows Hello, makes its authentication decision. Therefore, manipulating this information can lead to a potential bypass to the whole authentication system.”

The problem here, as CyberArk explains, is that the camera which people use to present their faces for recognition can be an external device connected to a computer by way of a USB port. As such, the Windows system can be fooled into thinking that the image seen is live and not a photograph. Once this stage is bypassed, the system has been hacked.

CyberArk summed up its research saying, “We have seen that an attacker can create a custom-made USB device that Windows Hello will work with. The attacker controls the data that comes from this device. With only one valid IR frame of the target, the adversary can bypass the facial recognition mechanism of Windows Hello, resulting in a complete authentication bypass and potential access to all the victim’s sensitive assets.”

Newsletter



Advertisement

You May Also Like

World News

In the 15th Nov 2015 edition of Israel’s good news, the highlights include:   ·         A new Israeli treatment brings hope to relapsed leukemia...

Life-Style Health

Medint’s medical researchers provide data-driven insights to help patients make decisions; It is affordable- hundreds rather than thousands of dollars

Entertainment

The Movie The Professional is what made Natalie Portman a Lolita.

Travel

After two decades without a rating system in Israel, at the end of 2012 an international tender for hotel rating was published.  Invited to place bids...