Jewish Business News


CyberArk Finds Major Flaw in Windows Hello Facial Recognition

Israeli cybersecurity firm CyberArk has found a serious problem with the Windows Hello facial recognition system. CyberArk says that they were able to circumvent the Windows security system by using a picture of the person in question and a USB-connected device.

Back in the 1980s all of these security checks that we now take for granted were the stuff of sci-fi. In Star Trek II: The Wrath of Khan, we got to see Captain Kirk authenticate his security clearance with a really fancy retina scan system. Similarly, many James Bond type movies showed security systems which required an ID card in addition to both visual and voice recognition.

Now just think about all of those Mission Impossible movies. Tom Cruise could easily beat any facial recognition system with one of those masks. Scarlett Johansson uses similar tech in the Marvel movies.

Well, such tech is not a reality, at least not yet.

Microsoft promises that Windows Hello is a more “personal, more secure way” to get instant access to your Windows 10 devices using a PIN, facial recognition, or fingerprint. The main feature of Windows Hello is biometric authentication.

CyberArk says that they surmised that the biometric sensor was the weak link in the chain, potentially exposing the system to data manipulation attacks on the target’s device. “The sensor is a device that transmits information on which the OS,” explains CyberArk, “in particular Windows Hello, makes its authentication decision. Therefore, manipulating this information can lead to a potential bypass to the whole authentication system.”

The problem here, as CyberArk explains, is that the camera which people use to present their faces for recognition can be an external device connected to a computer by way of a USB port. As such, the Windows system can be fooled into thinking that the image seen is live and not a photograph. Once this stage is bypassed, the system has been hacked.

CyberArk summed up its research saying, “We have seen that an attacker can create a custom-made USB device that Windows Hello will work with. The attacker controls the data that comes from this device. With only one valid IR frame of the target, the adversary can bypass the facial recognition mechanism of Windows Hello, resulting in a complete authentication bypass and potential access to all the victim’s sensitive assets.”
